From f82f8886096b082671b58654c4eb30429785cddc Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Wed, 6 Mar 2019 17:40:48 -0600 Subject: [PATCH] msg/async/ProtocolV1: fix locking around authorizer_buf Fix two problems: - we are accessing authorizer_buf without the connection lock, and under the lock we are modifying it (in connect()). - if we receive two connect_msg's with a different length, we won't have a buffer that's large enough. Fixes: http://tracker.ceph.com/issues/38524 Signed-off-by: Sage Weil --- src/msg/async/ProtocolV1.cc | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/msg/async/ProtocolV1.cc b/src/msg/async/ProtocolV1.cc index 7fbd5c67c5896..3857ed5c14d08 100644 --- a/src/msg/async/ProtocolV1.cc +++ b/src/msg/async/ProtocolV1.cc @@ -1827,10 +1827,8 @@ CtPtr ProtocolV1::handle_connect_message_1(char *buffer, int r) { CtPtr ProtocolV1::wait_connect_message_auth() { ldout(cct, 20) << __func__ << dendl; - - if (!authorizer_buf.length()) { - authorizer_buf.push_back(buffer::create(connect_msg.authorizer_len)); - } + authorizer_buf.clear(); + authorizer_buf.push_back(buffer::create(connect_msg.authorizer_len)); return READB(connect_msg.authorizer_len, authorizer_buf.c_str(), handle_connect_message_auth); } 
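Review bot: `buffer::create(connect_msg.authorizer_len)` sizes the allocation from a length field supplied by the peer, and it runs before the authorizer has been verified; no upper bound is visible in this hunk. Because the buffer is now re-created for every connect_msg rather than once, an unauthenticated peer can trigger a fresh allocation of whatever size it declares each time it sends one. If no cap is enforced where connect_msg is parsed (outside this hunk), reject oversized values before allocating, e.g. `if (connect_msg.authorizer_len > MAX_AUTHORIZER_LEN) return _fault();`, where `MAX_AUTHORIZER_LEN` is a placeholder for a limit the project would have to choose and the failure path should match what the neighbouring handlers use. A short comment above `authorizer_buf.clear()` would also help, saying that the buffer is deliberately re-allocated per message so that a snapshot taken earlier keeps its own storage.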
@@ -1914,17 +1912,18 @@ CtPtr ProtocolV1::handle_connect_message_2() { authorizer_reply); } + bufferlist auth_bl_copy = authorizer_buf; connection->lock.unlock(); ldout(cct,10) << __func__ << " authorizor_protocol " << connect_msg.authorizer_protocol - << " len " << authorizer_buf.length() + << " len " << auth_bl_copy.length() << dendl; bool authorizer_valid; bool need_challenge = HAVE_FEATURE(connect_msg.features, CEPHX_V2); bool had_challenge = (bool)authorizer_challenge; if (!messenger->ms_deliver_verify_authorizer( connection, connection->peer_type, connect_msg.authorizer_protocol, - authorizer_buf, authorizer_reply, authorizer_valid, session_key, + auth_bl_copy, authorizer_reply, authorizer_valid, session_key, nullptr /* connection_secret */, need_challenge ? &authorizer_challenge : nullptr) || !authorizer_valid) { -- 2.39.5
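Review bot: After `connection->lock.unlock()` the new code still reads `connect_msg.authorizer_protocol` and `connect_msg.features` directly from the member, so the authorizer bytes are snapshotted but the header fields they are interpreted under are not. If another connect_msg can be processed on this connection while verification runs unlocked (the situation the commit message describes for authorizer_buf; not confirmable from the hunk), the protocol and feature bits could belong to a different message than the bytes being verified. Consider capturing them next to `auth_bl_copy` before the unlock, e.g. `const auto auth_proto = connect_msg.authorizer_protocol;` and `const auto peer_features = connect_msg.features;`, and using those in the log line, the `HAVE_FEATURE` test and the `ms_deliver_verify_authorizer` call. A one-line comment on the copy would help too: as far as I know a bufferlist copy shares the underlying buffers rather than duplicating the bytes, so the snapshot is only safe while wait_connect_message_auth() allocates a new buffer per message instead of reading into the old one. handle_connect_message_2() begins and ends outside this hunk.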