From a81bd2db3af4d7b53736be8e42a3eaa53028d60c Mon Sep 17 00:00:00 2001
From: Ilya Dryomov
Date: Thu, 12 Oct 2023 19:03:10 +0200
Subject: [PATCH] pybind/rbd: don't produce info on errors in aio_mirror_image_get_info()
Check completion return value before attemting to decode c_info. Otherwise we are guaranteed to access invalid memory in decode_cstr() while trying to compute global_id string length when the client is blocklisted for example.
Fixes: https://tracker.ceph.com/issues/63028
Signed-off-by: Ilya Dryomov
---
 src/pybind/rbd/rbd.pyx | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/pybind/rbd/rbd.pyx b/src/pybind/rbd/rbd.pyx
index f9e5d8391d3..fcb2fb34706 100644
--- a/src/pybind/rbd/rbd.pyx
+++ b/src/pybind/rbd/rbd.pyx
@@ -4511,13 +4511,18 @@ written." % (self.name, ret, length))
 def oncomplete_(completion_v):
 cdef:
 Completion _completion_v = completion_v
- rbd_mirror_image_info_t *c_info = _completion_v.buf
- info = {
- 'global_id' : decode_cstr(c_info[0].global_id),
- 'state' : int(c_info[0].state),
- 'primary' : c_info[0].primary,
- }
- rbd_mirror_image_get_info_cleanup(c_info)
+ rbd_mirror_image_info_t *c_info
+ return_value = _completion_v.get_return_value()
+ if return_value == 0:
+ c_info = _completion_v.buf
+ info = {
+ 'global_id' : decode_cstr(c_info[0].global_id),
+ 'state' : int(c_info[0].state),
+ 'primary' : c_info[0].primary,
+ }
+ rbd_mirror_image_get_info_cleanup(c_info)
+ else:
+ info = None
 return oncomplete(_completion_v, info)
 
 completion = self.__get_completion(oncomplete_)
--
2.39.5
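Review bot: On the new `else:` branch the user callback is handed `info = None`, and nothing visible in the hunk tells callers about it, so a callback that indexes `info['global_id']` unconditionally will now raise inside the completion path. The docstring of aio_mirror_image_get_info() (outside this hunk) should state that `info` is `None` whenever `completion.get_return_value()` is non-zero, and a one-line comment above the check would record why, e.g. `# c_info is only valid when the request succeeded; decoding it on error reads invalid memory`. Separately, `rbd_mirror_image_get_info_cleanup(c_info)` is now skipped on failure, which looks right for the embedded strings, but whether the `_completion_v.buf` allocation itself is released on both paths cannot be seen from here and is worth confirming. The patch as shown touches only this file, so a regression test that drives the error path and asserts `info is None` would keep the memory-safety fix from regressing. The method enclosing `oncomplete_` begins and ends outside the hunk.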