From dcdbfe5652e36a98a572e9fc57479d1b5f25c98b Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Tue, 22 Oct 2019 07:43:14 -0500 Subject: [PATCH] auth/cephx/CephxClientHandler: handle decode errors Signed-off-by: Sage Weil --- src/auth/cephx/CephxClientHandler.cc | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/src/auth/cephx/CephxClientHandler.cc b/src/auth/cephx/CephxClientHandler.cc index 94a9b7a0eb3..abdb2f2cc47 100644 --- a/src/auth/cephx/CephxClientHandler.cc +++ b/src/auth/cephx/CephxClientHandler.cc @@ -128,7 +128,13 @@ int CephxClientHandler::handle_response( if (starting) { CephXServerChallenge ch; - decode(ch, indata); + try { + decode(ch, indata); + } catch (buffer::error& e) { + ldout(cct, 1) << __func__ << " failed to decode CephXServerChallenge: " + << e.what() << dendl; + return -EPERM; + } server_challenge = ch.server_challenge; ldout(cct, 10) << " got initial server challenge " << std::hex << server_challenge << std::dec << dendl; @@ -139,7 +145,13 @@ int CephxClientHandler::handle_response( } struct CephXResponseHeader header; - decode(header, indata); + try { + decode(header, indata); + } catch (buffer::error& e) { + ldout(cct, 1) << __func__ << " failed to decode CephXResponseHeader: " + << e.what() << dendl; + return -EPERM; + } switch (header.request_type) { case CEPHX_GET_AUTH_SESSION_KEY: @@ -159,8 +171,14 @@ int CephxClientHandler::handle_response( ldout(cct, 10) << " want=" << want << " need=" << need << " have=" << have << dendl; if (!indata.end()) { bufferlist cbl, extra_tickets; - decode(cbl, indata); - decode(extra_tickets, indata); + try { + decode(cbl, indata); + decode(extra_tickets, indata); + } catch (buffer::error& e) { + ldout(cct, 1) << __func__ << " failed to decode tickets: " + << e.what() << dendl; + return -EPERM; + } ldout(cct, 10) << " got connection bl " << cbl.length() << " and extra tickets " << extra_tickets.length() << dendl; -- 2.39.5