From 626e13b830c0a2f2f799be1c92a8a5be52ed8909 Mon Sep 17 00:00:00 2001
From: Ulrich Weigand
Date: Fri, 3 Jul 2020 15:47:00 +0200
Subject: [PATCH] msg/msg_types: entity_addrvec_t: fix decode on big-endian hosts
When decoding an entity_addrvec_t with marker 1, we just have a single (non-legacy) entity_addr_t. This should be decoded exactly the same as done by entity_addr_t::decode, but it currently is not. Specifically, the sa_family member of the sockaddr is not converted from the on-wire little-endian format to host byte order (as done by entity_addr_t::decode). Fixed by using the same code as in entity_addr_t::decode.
Signed-off-by: Ulrich Weigand
(cherry picked from commit 31da17378b712542e915adbf4084e0212b8bb615)
---
 src/msg/msg_types.cc | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/msg/msg_types.cc b/src/msg/msg_types.cc
index 62ca036e2259..76b9585b394e 100644
--- a/src/msg/msg_types.cc
+++ b/src/msg/msg_types.cc
@@ -317,7 +317,21 @@ void entity_addrvec_t::decode(bufferlist::const_iterator& bl)
 __u32 elen;
 decode(elen, bl);
 if (elen) {
- bl.copy(elen, (char*)addr.get_sockaddr());
+ struct sockaddr *sa = (struct sockaddr *)addr.get_sockaddr();
+#if defined(__FreeBSD__) || defined(__APPLE__)
+ sa->sa_len = 0;
+#endif
+ uint16_t ss_family;
+ if (elen < sizeof(ss_family)) {
+ throw ceph::buffer::malformed_input("elen smaller than family len");
+ }
+ decode(ss_family, bl);
+ sa->sa_family = ss_family;
+ elen -= sizeof(ss_family);
+ if (elen > addr.get_sockaddr_len() - sizeof(sa->sa_family)) {
+ throw ceph::buffer::malformed_input("elen exceeds sockaddr len");
+ }
+ bl.copy(elen, sa->sa_data);
 }
 DECODE_FINISH(bl);
 v.clear();
--
2.47.3
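Review bot: The second bound subtracts `sizeof(sa->sa_family)`, while the bytes already consumed were `sizeof(ss_family)` (two) and the copy lands at `sa->sa_data`. On the BSD-style layouts that the `sa_len` branch caters for, `sa_family` is typically a single byte, so there the check would admit one byte more than fits behind `sa_data`. Because `elen` is read off the wire, I would bound against the real destination offset instead: `if (elen > addr.get_sockaddr_len() - offsetof(struct sockaddr, sa_data)) {`. `get_sockaddr_len()` is defined outside this hunk, so whether that extra byte can leave the underlying storage depends on what it returns for the just-decoded family. The enclosing `entity_addrvec_t::decode` begins and ends outside the hunk.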