libceph: weaken sizeof check in ceph_x_verify_authorizer_reply()

commit f1d10e04 upstream. Allow for extending ceph_x_authorize_reply in the future. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Sage Weil <sage@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

libceph: weaken sizeof check in ceph_x_verify_authorizer_reply()
commit f1d10e04 upstream. Allow for extending ceph_x_authorize_reply in the future. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Sage Weil <sage@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
14118df4 · Ilya Dryomov · Greg Kroah-Hartman · fd6cc33d · 14118df4
Commit 14118df4 authored Jul 27, 2018 by Ilya Dryomov Committed by Greg Kroah-Hartman Dec 05, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

net/ceph/auth_x.c net/ceph/auth_x.c +4 -2

No files found.
--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -737,8 +737,10 @@ static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac,
 	ret = ceph_x_decrypt(&au->session_key, &p, p + CEPHX_AU_ENC_BUF_LEN);
 	if (ret < 0)
 		return ret;
-	if (ret != sizeof(*reply))
-		return -EPERM;
+	if (ret < sizeof(*reply)) {
+		pr_err("bad size %d for ceph_x_authorize_reply\n", ret);
+		return -EINVAL;
+	}

 	if (au->nonce + 1 != le64_to_cpu(reply->nonce_plus_one))
 		ret = -EPERM;