From 4015824f7e121bb041ed1de2292517184b5931c0 Mon Sep 17 00:00:00 2001
From: lijing <lijing@gohighsec.com>
Date: Wed, 17 Jan 2018 17:13:05 +0800
Subject: [PATCH] mon:validate hit_set values before set

Fixes: http://tracker.ceph.com/issues/22659
Signed-off-by: Jing Li lijing@gohighsec.com
---
 src/mon/OSDMonitor.cc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc
index 87ab8c03afe..f58a78a13cd 100644
--- a/src/mon/OSDMonitor.cc
+++ b/src/mon/OSDMonitor.cc
@@ -6130,18 +6130,27 @@ int OSDMonitor::prepare_command_pool_set(map<string,cmd_vartype> &cmdmap,
     if (interr.length()) {
       ss << "error parsing integer value '" << val << "': " << interr;
       return -EINVAL;
+    } else if (n < 0) {
+      ss << "hit_set_period should be non-negative";
+      return -EINVAL;
     }
     p.hit_set_period = n;
   } else if (var == "hit_set_count") {
     if (interr.length()) {
       ss << "error parsing integer value '" << val << "': " << interr;
       return -EINVAL;
+    } else if (n < 0) {
+      ss << "hit_set_count should be non-negative";
+      return -EINVAL;
     }
     p.hit_set_count = n;
   } else if (var == "hit_set_fpp") {
     if (floaterr.length()) {
       ss << "error parsing floating point value '" << val << "': " << floaterr;
       return -EINVAL;
+    } else if (f < 0 || f > 1.0) {
+      ss << "hit_set_fpp should be in the range 0..1";
+      return -EINVAL;
     }
     if (p.hit_set_params.get_type() != HitSet::TYPE_BLOOM) {
       ss << "hit set is not of type Bloom; invalid to set a false positive rate!";
-- 
2.39.5