From d959735a7d684018df564573a2ff88092d870fc1 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Piotr=20Da=C5=82ek?=
Date: Fri, 16 Jun 2017 13:10:36 +0200
Subject: [PATCH] messages/MOSDPing: fix the inflation amount calculation
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

If user specifies a min_message_size small enough (or zero to disable it altogether), OSDs will crash and burn while trying to allocate almost 4GB of payload (both min_message_size and payload.length() are unsigned, so it'll roll over back to 4GB and MAX(4GB, 0) will use 4GB). If the size of dummy payload is 0, don't bother constructing bufferptr and bufferlist, then encoding that.
Signed-off-by: Piotr Dałek
---
 src/messages/MOSDPing.h | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)
diff --git a/src/messages/MOSDPing.h b/src/messages/MOSDPing.h
index 22d24d6aae7..a1e18c160a0 100644
--- a/src/messages/MOSDPing.h
+++ b/src/messages/MOSDPing.h
@@ -100,21 +100,26 @@ public:
 ::encode(peer_stat, payload);
 ::encode(stamp, payload);
- bufferlist pad;
- size_t s = MAX(min_message_size - payload.length(), 0);
- // this should be big enough for normal min_message padding sizes. since
- // we are targetting jumbo ethernet frames around 9000 bytes, 16k should
- // be more than sufficient! the compiler will statically zero this so
- // that at runtime we are only adding a bufferptr reference to it.
- static char zeros[16384] = {};
- while (s > sizeof(zeros)) {
- pad.append(buffer::create_static(sizeof(zeros), zeros));
- s -= sizeof(zeros);
- }
+ size_t s = 0;
+ if (min_message_size > payload.length())
+ s = min_message_size - payload.length();
+ ::encode((uint32_t)s, payload);
 if (s) {
- pad.append(buffer::create_static(s, zeros));
+ bufferlist pad;
+ // this should be big enough for normal min_message padding sizes. since
+ // we are targetting jumbo ethernet frames around 9000 bytes, 16k should
+ // be more than sufficient! the compiler will statically zero this so
+ // that at runtime we are only adding a bufferptr reference to it.
+ static char zeros[16384] = {};
+ while (s > sizeof(zeros)) {
+ pad.append(buffer::create_static(sizeof(zeros), zeros));
+ s -= sizeof(zeros);
+ }
+ if (s) {
+ pad.append(buffer::create_static(s, zeros));
+ }
+ ::encode(pad, payload);
 }
- ::encode(pad, payload);
 }
 const char *get_type_name() const override { return "osd_ping"; }
--
2.39.5
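Review bot: The added `::encode((uint32_t)s, payload);` puts a new length field on the wire, and the `pad` bufferlist is now encoded only when `s` is non-zero, yet the matching decode path and any message-version bump are not part of this patch (the diffstat lists only this one file and hunk), so it should be confirmed that an unpatched peer still parses the payload. When `s` is non-zero the padding length appears to be written twice, once by the explicit `uint32_t` and once by the bufferlist's own length prefix, which a decoder reading a single bufferlist would presumably leave as unread trailing bytes. I would document the layout above the new field, e.g. `// wire: u32 pad length, then (only if non-zero) the pad bufferlist`, and make sure the decoder checks that length against the remaining payload before skipping or copying it. The enclosing encode function begins above the hunk.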