From: Sage Weil Date: Tue, 22 Oct 2019 12:43:14 +0000 (-0500) Subject: auth/cephx/CephxClientHandler: handle decode errors X-Git-Tag: v15.1.0~1195^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F31052%2Fhead;p=ceph.git auth/cephx/CephxClientHandler: handle decode errors Signed-off-by: Sage Weil --- diff --git a/src/auth/cephx/CephxClientHandler.cc b/src/auth/cephx/CephxClientHandler.cc index 94a9b7a0eb3b9..abdb2f2cc474b 100644 --- a/src/auth/cephx/CephxClientHandler.cc +++ b/src/auth/cephx/CephxClientHandler.cc @@ -128,7 +128,13 @@ int CephxClientHandler::handle_response( if (starting) { CephXServerChallenge ch; - decode(ch, indata); + try { + decode(ch, indata); + } catch (buffer::error& e) { + ldout(cct, 1) << __func__ << " failed to decode CephXServerChallenge: " + << e.what() << dendl; + return -EPERM; + } server_challenge = ch.server_challenge; ldout(cct, 10) << " got initial server challenge " << std::hex << server_challenge << std::dec << dendl; @@ -139,7 +145,13 @@ int CephxClientHandler::handle_response( } struct CephXResponseHeader header; - decode(header, indata); + try { + decode(header, indata); + } catch (buffer::error& e) { + ldout(cct, 1) << __func__ << " failed to decode CephXResponseHeader: " + << e.what() << dendl; + return -EPERM; + } switch (header.request_type) { case CEPHX_GET_AUTH_SESSION_KEY: @@ -159,8 +171,14 @@ int CephxClientHandler::handle_response( ldout(cct, 10) << " want=" << want << " need=" << need << " have=" << have << dendl; if (!indata.end()) { bufferlist cbl, extra_tickets; - decode(cbl, indata); - decode(extra_tickets, indata); + try { + decode(cbl, indata); + decode(extra_tickets, indata); + } catch (buffer::error& e) { + ldout(cct, 1) << __func__ << " failed to decode tickets: " + << e.what() << dendl; + return -EPERM; + } ldout(cct, 10) << " got connection bl " << cbl.length() << " and extra tickets " << extra_tickets.length() << dendl;