From 7a2bb0f01eebd259ae7babbfa55cffa87afa97ad Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@redhat.com>
Date: Thu, 14 Mar 2019 16:46:21 -0500
Subject: [PATCH] mon: do not assert on bad auth payload

If we get garbage, fail to authenticate--do not assert out and crash.

Signed-off-by: Sage Weil <sage@redhat.com>
---
 src/mon/Monitor.cc | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 70c8b5476ffd..cd4cec304e06 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -6195,10 +6195,22 @@ int Monitor::handle_auth_request(
     uint8_t mode;
     EntityName entity_name;
 
-    decode(mode, p);
-    assert(mode >= AUTH_MODE_MON && mode <= AUTH_MODE_MON_MAX);
-    decode(entity_name, p);
-    decode(con->peer_global_id, p);
+    try {
+      decode(mode, p);
+      if (mode < AUTH_MODE_MON ||
+	  mode > AUTH_MODE_MON_MAX) {
+	dout(1) << __func__ << " invalid mode " << (int)mode << dendl;
+	delete auth_handler;
+	return -EACCES;
+      }
+      assert(mode >= AUTH_MODE_MON && mode <= AUTH_MODE_MON_MAX);
+      decode(entity_name, p);
+      decode(con->peer_global_id, p);
+    } catch (buffer::error& e) {
+      dout(1) << __func__ << " failed to decode, " << e.what() << dendl;
+      delete auth_handler;
+      return -EACCES;
+    }
 
     // supported method?
     if (entity_name.get_type() == CEPH_ENTITY_TYPE_MON ||
-- 
2.47.3