From 4e8d745c594db18b4119ddf83047014917f437da Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Tue, 22 Oct 2019 07:37:32 -0500 Subject: [PATCH] auth/cephx/CephxServiceHandler: handle decode errors Decode errors should trigger EPERM, not throw exceptions that trigger timeouts/retries in the messenger. Fixes: https://tracker.ceph.com/issues/42369 Signed-off-by: Sage Weil --- src/auth/cephx/CephxServiceHandler.cc | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/src/auth/cephx/CephxServiceHandler.cc b/src/auth/cephx/CephxServiceHandler.cc index a34f0b4ee30..27c3e9f8f44 100644 --- a/src/auth/cephx/CephxServiceHandler.cc +++ b/src/auth/cephx/CephxServiceHandler.cc @@ -61,7 +61,13 @@ int CephxServiceHandler::handle_request( int ret = 0; struct CephXRequestHeader cephx_header; - decode(cephx_header, indata); + try { + decode(cephx_header, indata); + } catch (buffer::error& e) { + ldout(cct, 0) << __func__ << " failed to decode CephXRequestHeader: " + << e.what() << dendl; + return -EPERM; + } switch (cephx_header.request_type) { case CEPHX_GET_AUTH_SESSION_KEY: @@ -70,7 +76,14 @@ int CephxServiceHandler::handle_request( << entity_name << dendl; CephXAuthenticate req; - decode(req, indata); + try { + decode(req, indata); + } catch (buffer::error& e) { + ldout(cct, 0) << __func__ << " failed to decode CephXAuthenticate: " + << e.what() << dendl; + ret = -EPERM; + break; + } CryptoKey secret; if (!key_server->get_secret(entity_name, secret)) { @@ -234,7 +247,15 @@ int CephxServiceHandler::handle_request( } CephXServiceTicketRequest ticket_req; - decode(ticket_req, indata); + try { + decode(ticket_req, indata); + } catch (buffer::error& e) { + ldout(cct, 0) << __func__ + << " failed to decode CephXServiceTicketRequest: " + << e.what() << dendl; + ret = -EPERM; + break; + } ldout(cct, 10) << " ticket_req.keys = " << ticket_req.keys << dendl; ret = 0; -- 2.39.5