From: Sage Weil Date: Tue, 24 Sep 2019 19:52:02 +0000 (-0500) Subject: cls/hello: test large return buffer overflow X-Git-Tag: v15.1.0~1384^2~2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=da6282eb0b30ca734152c77d45957508a20b8d87;p=ceph-ci.git cls/hello: test large return buffer overflow Signed-off-by: Sage Weil --- diff --git a/src/cls/hello/cls_hello.cc b/src/cls/hello/cls_hello.cc index 880c97b122d..c301b96a301 100644 --- a/src/cls/hello/cls_hello.cc +++ b/src/cls/hello/cls_hello.cc @@ -165,6 +165,24 @@ static int write_return_data(cls_method_context_t hctx, bufferlist *in, bufferli return 42; } +static int write_too_much_return_data(cls_method_context_t hctx, bufferlist *in, bufferlist *out) +{ + // make some change to the object + bufferlist attrbl; + attrbl.append("bar"); + int r = cls_cxx_setxattr(hctx, "foo", &attrbl); + if (r < 0) + return r; + + // try to return too much data. this should be enough to exceed + // osd_max_write_op_reply_len, which defaults to a pretty small number. + for (unsigned i=0; i < 10; ++i) { + out->append("you should not see this because it is toooooo long. "); + } + + return 42; +} + /** * replay - a "read" method to get a previously recorded hello @@ -299,6 +317,7 @@ CLS_INIT(hello) cls_method_handle_t h_record_hello; cls_method_handle_t h_replay; cls_method_handle_t h_write_return_data; + cls_method_handle_t h_write_too_much_return_data; cls_method_handle_t h_turn_it_to_11; cls_method_handle_t h_bad_reader; cls_method_handle_t h_bad_writer; @@ -323,6 +342,9 @@ CLS_INIT(hello) cls_register_cxx_method(h_class, "write_return_data", CLS_METHOD_WR, write_return_data, &h_write_return_data); + cls_register_cxx_method(h_class, "write_too_much_return_data", + CLS_METHOD_WR, + write_too_much_return_data, &h_write_too_much_return_data); cls_register_cxx_method(h_class, "replay", CLS_METHOD_RD, replay, &h_replay); 
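Review bot: The comment in write_too_much_return_data says the payload "should be enough" to exceed osd_max_write_op_reply_len but never states its size, so a reader cannot tell at what configured limit the overflow path stops being exercised. The loop appends a 52-byte string ten times, i.e. 520 bytes; I would record that in the comment, e.g. `// 10 x 52 = 520 bytes of reply; must stay above osd_max_write_op_reply_len, otherwise this returns 42 with data`. The function also lacks the `/** ... */` header that the neighbouring replay method has; a short one should say that this is a test-only CLS_METHOD_WR method that sets xattr "foo" before building the oversized reply. Whether that xattr write is discarded when the reply is rejected is not visible in this hunk.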
diff --git a/src/test/cls_hello/test_cls_hello.cc b/src/test/cls_hello/test_cls_hello.cc index f37df635bbe..74a713f2294 100644 --- a/src/test/cls_hello/test_cls_hello.cc +++ b/src/test/cls_hello/test_cls_hello.cc @@ -112,6 +112,22 @@ TEST(ClsHello, WriteReturnData) { out.hexdump(std::cout); ASSERT_EQ("you might see this", std::string(out.c_str(), out.length())); + // this will overflow because the return data is too big + { + in.clear(); + out.clear(); + int rval; + ObjectWriteOperation o; + o.exec("hello", "write_too_much_return_data", in, &out, &rval); + librados::AioCompletion *completion = cluster.aio_create_completion(); + ASSERT_EQ(0, ioctx.aio_operate("foo", completion, &o, + librados::OPERATION_RETURNVEC)); + completion->wait_for_safe(); + ASSERT_EQ(-EOVERFLOW, completion->get_return_value()); + ASSERT_EQ(-EOVERFLOW, rval); + ASSERT_EQ("", std::string(out.c_str(), out.length())); + } + ASSERT_EQ(0, destroy_one_pool_pp(pool_name, cluster)); }
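Review bot: `int rval;` in the new block is uninitialized, so if the operation fails before the per-op result is filled in, `ASSERT_EQ(-EOVERFLOW, rval)` compares against an indeterminate value; initialise it to a value the test does not expect, e.g. `int rval = 0;`. The completion obtained from `aio_create_completion()` is not released in the visible lines; add `completion->release();` after `wait_for_safe()` has returned and the return value has been read. The block checks that no return data comes back, but not what happened to the xattr the method set before overflowing; that may be worth a follow-up assertion if the intended behaviour is that a rejected reply leaves the object unchanged. The enclosing TEST body starts outside the hunk.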