From fbf51ba878c7a00c045fc97bf309c39b0d9c4fcc Mon Sep 17 00:00:00 2001 From: Brad Hubbard Date: Tue, 14 Jun 2016 17:34:44 +1000 Subject: [PATCH] cephx: Fix multiple segfaults due to attempts to encrypt or decrypt an empty secret and a null CryptoKeyHandler Fixes: http://tracker.ceph.com/issues/16266 Signed-off-by: Brad Hubbard (cherry picked from commit 009e777fbd18602e5fd66f97bdad95e977e6fecc) --- src/auth/Crypto.h | 2 ++ src/auth/cephx/CephxClientHandler.cc | 6 ++++++ src/auth/cephx/CephxProtocol.cc | 10 ++++++++-- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/src/auth/Crypto.h b/src/auth/Crypto.h index 3bfc5aabd17a8..478f07357160e 100644 --- a/src/auth/Crypto.h +++ b/src/auth/Crypto.h @@ -107,10 +107,12 @@ public: int create(CephContext *cct, int type); int encrypt(CephContext *cct, const bufferlist& in, bufferlist& out, std::string *error) const { + assert(ckh); // Bad key? return ckh->encrypt(in, out, error); } int decrypt(CephContext *cct, const bufferlist& in, bufferlist& out, std::string *error) const { + assert(ckh); // Bad key? return ckh->decrypt(in, out, error); } diff --git a/src/auth/cephx/CephxClientHandler.cc b/src/auth/cephx/CephxClientHandler.cc index ff32a425757b6..7c1f550fc81c1 100644 --- a/src/auth/cephx/CephxClientHandler.cc +++ b/src/auth/cephx/CephxClientHandler.cc @@ -46,6 +46,12 @@ int CephxClientHandler::build_request(bufferlist& bl) const return -ENOENT; } + // is the key OK? + if (!secret.get_secret().length()) { + ldout(cct, 20) << "secret for entity " << cct->_conf->name << " is invalid" << dendl; + return -EINVAL; + } + CephXAuthenticate req; get_random_bytes((char *)&req.client_challenge, sizeof(req.client_challenge)); std::string error; diff --git a/src/auth/cephx/CephxProtocol.cc b/src/auth/cephx/CephxProtocol.cc index f57f06358644d..43d39b1259a48 100644 --- a/src/auth/cephx/CephxProtocol.cc +++ b/src/auth/cephx/CephxProtocol.cc @@ -61,7 +61,10 @@ bool cephx_build_service_ticket_blob(CephContext *cct, CephXSessionAuthInfo& inf << " ticket_info.ticket.name=" << ticket_info.ticket.name.to_str() << dendl; blob.secret_id = info.secret_id; std::string error; - encode_encrypt_enc_bl(cct, ticket_info, info.service_secret, blob.blob, error); + if (!info.service_secret.get_secret().length()) + error = "invalid key"; // Bad key? + else + encode_encrypt_enc_bl(cct, ticket_info, info.service_secret, blob.blob, error); if (!error.empty()) { ldout(cct, -1) << "cephx_build_service_ticket_blob failed with error " << error << dendl; @@ -429,7 +432,10 @@ bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys, } } std::string error; - decode_decrypt_enc_bl(cct, ticket_info, service_secret, ticket.blob, error); + if (!service_secret.get_secret().length()) + error = "invalid key"; // Bad key? + else + decode_decrypt_enc_bl(cct, ticket_info, service_secret, ticket.blob, error); if (!error.empty()) { ldout(cct, 0) << "verify_authorizer could not decrypt ticket info: error: " << error << dendl; -- 2.39.5