From: Piotr Dałek <piotr.dalek@corp.ovh.com>
Date: Fri, 16 Jun 2017 11:10:36 +0000 (+0200)
Subject: messages/MOSDPing: fix the inflation amount calculation
X-Git-Tag: v12.1.0~20^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=d959735a7d684018df564573a2ff88092d870fc1;p=ceph.git

messages/MOSDPing: fix the inflation amount calculation

If user specifies a min_message_size small enough (or zero to disable
it altogether), OSDs will crash and burn while trying to allocate
almost 4GB of payload (both min_message_size and payload.length() are
unsigned, so it'll roll over back to 4GB and MAX(4GB, 0) will use 4GB).
If the size of dummy payload is 0, don't bother constructing bufferptr
and bufferlist, then encoding that.

Signed-off-by: Piotr Dałek <piotr.dalek@corp.ovh.com>
---

diff --git a/src/messages/MOSDPing.h b/src/messages/MOSDPing.h
index 22d24d6aae7a..a1e18c160a0b 100644
--- a/src/messages/MOSDPing.h
+++ b/src/messages/MOSDPing.h
@@ -100,21 +100,26 @@ public:
     ::encode(peer_stat, payload);
     ::encode(stamp, payload);
 
-    bufferlist pad;
-    size_t s = MAX(min_message_size - payload.length(), 0);
-    // this should be big enough for normal min_message padding sizes. since
-    // we are targetting jumbo ethernet frames around 9000 bytes, 16k should
-    // be more than sufficient!  the compiler will statically zero this so
-    // that at runtime we are only adding a bufferptr reference to it.
-    static char zeros[16384] = {};
-    while (s > sizeof(zeros)) {
-      pad.append(buffer::create_static(sizeof(zeros), zeros));
-      s -= sizeof(zeros);
-    }
+    size_t s = 0;
+    if (min_message_size > payload.length())
+      s = min_message_size - payload.length();
+    ::encode((uint32_t)s, payload);
     if (s) {
-      pad.append(buffer::create_static(s, zeros));
+      bufferlist pad;
+      // this should be big enough for normal min_message padding sizes. since
+      // we are targetting jumbo ethernet frames around 9000 bytes, 16k should
+      // be more than sufficient!  the compiler will statically zero this so
+      // that at runtime we are only adding a bufferptr reference to it.
+      static char zeros[16384] = {};
+      while (s > sizeof(zeros)) {
+	pad.append(buffer::create_static(sizeof(zeros), zeros));
+	s -= sizeof(zeros);
+      }
+      if (s) {
+	pad.append(buffer::create_static(s, zeros));
+      }
+      ::encode(pad, payload);
     }
-    ::encode(pad, payload);
   }
 
   const char *get_type_name() const override { return "osd_ping"; }