From 01a2719549a199bad33634081fa9a87d37cb9557 Mon Sep 17 00:00:00 2001
From: Mykola Golub
Date: Mon, 19 Feb 2018 12:30:33 +0200
Subject: [PATCH] librbd: fix structure size check in rbd_mirror_image_get_info/status
Signed-off-by: Mykola Golub
---
 src/librbd/api/Mirror.cc | 22 +++++---------
 src/librbd/api/Mirror.h | 10 +++----
 src/librbd/librbd.cc | 58 +++++++++++++++++++++++++++-------------
 3 files changed, 50 insertions(+), 40 deletions(-)
diff --git a/src/librbd/api/Mirror.cc b/src/librbd/api/Mirror.cc
index 560cfde5f263..9f0d8d53a5de 100644
--- a/src/librbd/api/Mirror.cc
+++ b/src/librbd/api/Mirror.cc
@@ -408,13 +408,9 @@ int Mirror::image_resync(I *ictx) {
 template
 void Mirror::image_get_info(I *ictx, mirror_image_info_t *mirror_image_info,
- size_t info_size, Context *on_finish) {
+ Context *on_finish) {
 CephContext *cct = ictx->cct;
 ldout(cct, 20) << "ictx=" << ictx << dendl;
- if (info_size < sizeof(mirror_image_info_t)) {
- on_finish->complete(-ERANGE);
- return;
- }
 auto ctx = new C_ImageGetInfo(mirror_image_info, on_finish);
 auto req = mirror::GetInfoRequest::create(*ictx, &ctx->mirror_image,
@@ -424,10 +420,9 @@ void Mirror::image_get_info(I *ictx, mirror_image_info_t *mirror_image_info,
 }
 template
-int Mirror::image_get_info(I *ictx, mirror_image_info_t *mirror_image_info,
- size_t info_size) {
+int Mirror::image_get_info(I *ictx, mirror_image_info_t *mirror_image_info) {
 C_SaferCond ctx;
- image_get_info(ictx, mirror_image_info, info_size, &ctx);
+ image_get_info(ictx, mirror_image_info, &ctx);
 int r = ctx.wait();
 if (r < 0) {
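Review bot: After this hunk `Mirror::image_get_info` hands `mirror_image_info` to `C_ImageGetInfo` with no size validation of its own, and nothing here records that the caller-supplied size must already have been checked; the async `image_get_status` in the @@ -438 hunk is in the same position. A future internal caller that forwards a user buffer straight to these functions would get no hint that the guard now lives in librbd.cc. I would add a short comment above both definitions, for example `// NOTE: callers must validate the user-supplied structure size before calling; no check is done here`. The function body continues past the end of the hunk.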
@@ -438,13 +433,9 @@ int Mirror::image_get_info(I *ictx, mirror_image_info_t *mirror_image_info,
 template
 void Mirror::image_get_status(I *ictx, mirror_image_status_t *status,
- size_t status_size, Context *on_finish) {
+ Context *on_finish) {
 CephContext *cct = ictx->cct;
 ldout(cct, 20) << "ictx=" << ictx << dendl;
- if (status_size < sizeof(mirror_image_status_t)) {
- on_finish->complete(-ERANGE);
- return;
- }
 auto ctx = new C_ImageGetStatus(ictx->name, status, on_finish);
 auto req = mirror::GetStatusRequest::create(
@@ -454,10 +445,9 @@ void Mirror::image_get_status(I *ictx, mirror_image_status_t *status,
 }
 template
-int Mirror::image_get_status(I *ictx, mirror_image_status_t *status,
- size_t status_size) {
+int Mirror::image_get_status(I *ictx, mirror_image_status_t *status) {
 C_SaferCond ctx;
- image_get_status(ictx, status, status_size, &ctx);
+ image_get_status(ictx, status, &ctx);
 int r = ctx.wait();
 if (r < 0) {
diff --git a/src/librbd/api/Mirror.h b/src/librbd/api/Mirror.h
index 08f7ec888b98..a889e4b425cf 100644
--- a/src/librbd/api/Mirror.h
+++ b/src/librbd/api/Mirror.h
@@ -50,15 +50,13 @@ struct Mirror {
 static void image_demote(ImageCtxT *ictx, Context *on_finish);
 static int image_resync(ImageCtxT *ictx);
 static int image_get_info(ImageCtxT *ictx,
- mirror_image_info_t *mirror_image_info,
- size_t info_size);
+ mirror_image_info_t *mirror_image_info);
 static void image_get_info(ImageCtxT *ictx,
 mirror_image_info_t *mirror_image_info,
- size_t info_size, Context *on_finish);
- static int image_get_status(ImageCtxT *ictx, mirror_image_status_t *status,
- size_t status_size);
+ Context *on_finish);
+ static int image_get_status(ImageCtxT *ictx, mirror_image_status_t *status);
 static void image_get_status(ImageCtxT *ictx, mirror_image_status_t *status,
- size_t status_size, Context *on_finish);
+ Context *on_finish);
 };
diff --git a/src/librbd/librbd.cc b/src/librbd/librbd.cc
index e684ace54c54..cdcc11298161 100644
--- a/src/librbd/librbd.cc
+++ b/src/librbd/librbd.cc
@@ -2056,15 +2056,23 @@ namespace librbd {
 int Image::mirror_image_get_info(mirror_image_info_t *mirror_image_info,
 size_t info_size) {
 ImageCtx *ictx = (ImageCtx *)ctx;
- return librbd::api::Mirror<>::image_get_info(ictx, mirror_image_info,
- info_size);
+
+ if (sizeof(mirror_image_info_t) != info_size) {
+ return -ERANGE;
+ }
+
+ return librbd::api::Mirror<>::image_get_info(ictx, mirror_image_info);
 }
 int Image::mirror_image_get_status(mirror_image_status_t *mirror_image_status,
 size_t status_size) {
 ImageCtx *ictx = (ImageCtx *)ctx;
- return librbd::api::Mirror<>::image_get_status(ictx, mirror_image_status,
- status_size);
+
+ if (sizeof(mirror_image_status_t) != status_size) {
+ return -ERANGE;
+ }
+
+ return librbd::api::Mirror<>::image_get_status(ictx, mirror_image_status);
 }
 int Image::aio_mirror_image_promote(bool force, RBD::AioCompletion *c) {
@@ -2087,8 +2095,13 @@ namespace librbd {
 size_t info_size,
 RBD::AioCompletion *c) {
 ImageCtx *ictx = (ImageCtx *)ctx;
+
+ if (sizeof(mirror_image_info_t) != info_size) {
+ return -ERANGE;
+ }
+
 librbd::api::Mirror<>::image_get_info(
- ictx, mirror_image_info, info_size,
+ ictx, mirror_image_info,
 new C_AioCompletion(ictx, librbd::io::AIO_TYPE_GENERIC,
 get_aio_completion(c)));
 return 0;
@@ -2098,10 +2111,14 @@ namespace librbd {
 size_t status_size,
 RBD::AioCompletion *c) {
 ImageCtx *ictx = (ImageCtx *)ctx;
+
+ if (sizeof(mirror_image_status_t) != status_size) {
+ return -ERANGE;
+ }
+
 librbd::api::Mirror<>::image_get_status(
- ictx, status, status_size,
- new C_AioCompletion(ictx, librbd::io::AIO_TYPE_GENERIC,
- get_aio_completion(c)));
+ ictx, status, new C_AioCompletion(ictx, librbd::io::AIO_TYPE_GENERIC,
+ get_aio_completion(c)));
 return 0;
 }
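Review bot: The guards added to `Image::mirror_image_get_info` and `Image::mirror_image_get_status` compare with `!=`, which is stricter than the `<` test removed from Mirror.cc, and the reason for requiring an exact match is not recorded. A caller built against a header where the struct has a different size is now rejected with -ERANGE in both directions; that is the safe outcome for an output buffer, but it is also an ABI constraint if the struct ever grows. A one-line comment at the check would do, for example `// exact match required: any other size means the caller's struct layout differs from ours`. The diffstat lists only the three source files, so a test that passes a mismatched size and expects -ERANGE appears to be missing.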
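Review bot: On a size mismatch `Image::aio_mirror_image_get_info` now returns -ERANGE before `c` is wrapped in a `C_AioCompletion`, so the completion is never fired; before this change the same error went through `on_finish->complete(-ERANGE)` in Mirror.cc and this function returned 0. A caller that ignores the return value and waits on `c` would presumably block, and who releases `c` on this path is not visible in the hunk. `Image::aio_mirror_image_get_status` in the following hunk has the same shape. I would document the contract at the check, e.g. `// on -ERANGE the completion is not invoked; caller keeps ownership of c` (confirm the ownership statement against the AioCompletion API first). The function signature starts above the hunk.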
@@ -4302,9 +4319,12 @@ extern "C" int rbd_mirror_image_get_info(rbd_image_t image,
 {
 librbd::ImageCtx *ictx = (librbd::ImageCtx *)image;
+ if (sizeof(rbd_mirror_image_info_t) != info_size) {
+ return -ERANGE;
+ }
+
 librbd::mirror_image_info_t cpp_mirror_image;
- int r = librbd::api::Mirror<>::image_get_info(ictx, &cpp_mirror_image,
- sizeof(cpp_mirror_image));
+ int r = librbd::api::Mirror<>::image_get_info(ictx, &cpp_mirror_image);
 if (r < 0) {
 return r;
 }
@@ -4319,9 +4339,12 @@ extern "C" int rbd_mirror_image_get_status(rbd_image_t image,
 {
 librbd::ImageCtx *ictx = (librbd::ImageCtx *)image;
+ if (sizeof(rbd_mirror_image_status_t) != status_size) {
+ return -ERANGE;
+ }
+
 librbd::mirror_image_status_t cpp_status;
- int r = librbd::api::Mirror<>::image_get_status(ictx, &cpp_status,
- sizeof(cpp_status));
+ int r = librbd::api::Mirror<>::image_get_status(ictx, &cpp_status);
 if (r < 0) {
 return r;
 }
@@ -4357,7 +4380,7 @@ extern "C" int rbd_aio_mirror_image_get_info(rbd_image_t image,
 librbd::ImageCtx *ictx = (librbd::ImageCtx *)image;
 librbd::RBD::AioCompletion *comp = (librbd::RBD::AioCompletion *)c;
- if (sizeof(rbd_mirror_image_info_t) > info_size) {
+ if (sizeof(rbd_mirror_image_info_t) != info_size) {
 return -ERANGE;
 }
@@ -4365,7 +4388,7 @@ extern "C" int rbd_aio_mirror_image_get_info(rbd_image_t image,
 info, new C_AioCompletion(ictx, librbd::io::AIO_TYPE_GENERIC,
 get_aio_completion(comp)));
 librbd::api::Mirror<>::image_get_info(
- ictx, &ctx->cpp_mirror_image_info, sizeof(ctx->cpp_mirror_image_info), ctx);
+ ictx, &ctx->cpp_mirror_image_info, ctx);
 return 0;
 }
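Review bot: The `sizeof(...) != size` guard added to `rbd_mirror_image_get_info` is the same comparison written by hand in eight places across librbd.cc in this patch, and the removed lines show how the copies had drifted: `>` in the aio C wrappers, `<` in Mirror.cc, and here the caller's `info_size` was never compared at all because `sizeof(cpp_mirror_image)` was passed instead. A small file-local helper would keep them in step, for instance `template <typename T> static inline bool struct_size_matches(size_t n) { return n == sizeof(T); }`, used as `if (!struct_size_matches<rbd_mirror_image_info_t>(info_size)) return -ERANGE;`. The body of `rbd_mirror_image_get_info` continues outside the hunk.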
@@ -4376,16 +4399,15 @@ extern "C" int rbd_aio_mirror_image_get_status(rbd_image_t image,
 librbd::ImageCtx *ictx = (librbd::ImageCtx *)image;
 librbd::RBD::AioCompletion *comp = (librbd::RBD::AioCompletion *)c;
- if (sizeof(rbd_mirror_image_status_t) > status_size) {
+ if (sizeof(rbd_mirror_image_status_t) != status_size) {
 return -ERANGE;
 }
 auto ctx = new C_MirrorImageGetStatus(
 status, new C_AioCompletion(ictx, librbd::io::AIO_TYPE_GENERIC,
 get_aio_completion(comp)));
- librbd::api::Mirror<>::image_get_status(
- ictx, &ctx->cpp_mirror_image_status, sizeof(ctx->cpp_mirror_image_status),
- ctx);
+ librbd::api::Mirror<>::image_get_status(ictx, &ctx->cpp_mirror_image_status,
+ ctx);
 return 0;
 }
--
2.47.3