From fe5c0cd9a98ab5c02f6c4e88121b77aa8f013900 Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@inktank.com>
Date: Mon, 9 Jul 2012 13:22:42 -0700
Subject: [PATCH] osd: guard class call decoding

Backport: argonaut
Signed-off-by: Sage Weil <sage@inktank.com>
---
 src/osd/ReplicatedPG.cc | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/src/osd/ReplicatedPG.cc b/src/osd/ReplicatedPG.cc
index 72a1a1a10bf09..54a2a785d8578 100644
--- a/src/osd/ReplicatedPG.cc
+++ b/src/osd/ReplicatedPG.cc
@@ -1808,11 +1808,19 @@ int ReplicatedPG::do_osd_ops(OpContext *ctx, vector<OSDOp>& ops)
     case CEPH_OSD_OP_CALL:
       {
 	string cname, mname;
-	bp.copy(op.cls.class_len, cname);
-	bp.copy(op.cls.method_len, mname);
-
 	bufferlist indata;
-	bp.copy(op.cls.indata_len, indata);
+	try {
+	  bp.copy(op.cls.class_len, cname);
+	  bp.copy(op.cls.method_len, mname);
+	  bp.copy(op.cls.indata_len, indata);
+	} catch (buffer::error& e) {
+	  dout(10) << "call unable to decode class + method + indata" << dendl;
+	  dout(30) << "in dump: ";
+	  osd_op.indata.hexdump(*_dout);
+	  *_dout << dendl;
+	  result = -EINVAL;
+	  break;
+	}
 
 	ClassHandler::ClassData *cls;
 	result = osd->class_handler->open_class(cname, &cls);
@@ -1835,6 +1843,9 @@ int ReplicatedPG::do_osd_ops(OpContext *ctx, vector<OSDOp>& ops)
 	dout(10) << "method called response length=" << outdata.length() << dendl;
 	op.extent.length = outdata.length();
 	osd_op.outdata.claim_append(outdata);
+	dout(30) << "out dump: ";
+	osd_op.outdata.hexdump(*_dout);
+	*_dout << dendl;
       }
       break;
 
-- 
2.39.5