Commit 807c86e2 authored by Sage Weil's avatar Sage Weil

ceph: fix authenticator buffer size calculation

The buffer size was incorrectly calculated for the ceph_x_encrypt()
encapsulated ticket blob.  Use a helper (with correct arithmetic) and
BUG out if we were wrong.
Signed-off-by: Sage Weil <sage@newdream.net>
parent 63733a0f
...@@ -28,6 +28,12 @@ static int ceph_x_is_authenticated(struct ceph_auth_client *ac) ...@@ -28,6 +28,12 @@ static int ceph_x_is_authenticated(struct ceph_auth_client *ac)
return (ac->want_keys & xi->have_keys) == ac->want_keys; return (ac->want_keys & xi->have_keys) == ac->want_keys;
} }
static int ceph_x_encrypt_buflen(int ilen)
{
return sizeof(struct ceph_x_encrypt_header) + ilen + 16 +
sizeof(u32);
}
static int ceph_x_encrypt(struct ceph_crypto_key *secret, static int ceph_x_encrypt(struct ceph_crypto_key *secret,
void *ibuf, int ilen, void *obuf, size_t olen) void *ibuf, int ilen, void *obuf, size_t olen)
{ {
...@@ -242,7 +248,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac, ...@@ -242,7 +248,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
struct ceph_x_ticket_handler *th, struct ceph_x_ticket_handler *th,
struct ceph_x_authorizer *au) struct ceph_x_authorizer *au)
{ {
int len; int maxlen;
struct ceph_x_authorize_a *msg_a; struct ceph_x_authorize_a *msg_a;
struct ceph_x_authorize_b msg_b; struct ceph_x_authorize_b msg_b;
void *p, *end; void *p, *end;
...@@ -253,15 +259,15 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac, ...@@ -253,15 +259,15 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
dout("build_authorizer for %s %p\n", dout("build_authorizer for %s %p\n",
ceph_entity_type_name(th->service), au); ceph_entity_type_name(th->service), au);
len = sizeof(*msg_a) + sizeof(msg_b) + sizeof(u32) + maxlen = sizeof(*msg_a) + sizeof(msg_b) +
ticket_blob_len + 16; ceph_x_encrypt_buflen(ticket_blob_len);
dout(" need len %d\n", len); dout(" need len %d\n", maxlen);
if (au->buf && au->buf->alloc_len < len) { if (au->buf && au->buf->alloc_len < maxlen) {
ceph_buffer_put(au->buf); ceph_buffer_put(au->buf);
au->buf = NULL; au->buf = NULL;
} }
if (!au->buf) { if (!au->buf) {
au->buf = ceph_buffer_new(len, GFP_NOFS); au->buf = ceph_buffer_new(maxlen, GFP_NOFS);
if (!au->buf) if (!au->buf)
return -ENOMEM; return -ENOMEM;
} }
...@@ -296,6 +302,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac, ...@@ -296,6 +302,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
au->buf->vec.iov_len = p - au->buf->vec.iov_base; au->buf->vec.iov_len = p - au->buf->vec.iov_base;
dout(" built authorizer nonce %llx len %d\n", au->nonce, dout(" built authorizer nonce %llx len %d\n", au->nonce,
(int)au->buf->vec.iov_len); (int)au->buf->vec.iov_len);
BUG_ON(au->buf->vec.iov_len > maxlen);
return 0; return 0;
out_buf: out_buf:
......
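Review bot: The `BUG_ON(au->buf->vec.iov_len > maxlen)` added just before `return 0` in ceph_x_build_authorizer() runs only after the authorizer has been written into `au->buf`, so if the size arithmetic is wrong again the out-of-bounds write has already happened and the check can only panic the machine afterwards. A bound enforced where the data is written (against `end`, which the function declares), with an error return through the existing `out_buf` label, would fail closed without taking the kernel down. The body between the hunks is not visible here, so confirm what the encode and encrypt calls already check. Separately, `ceph_x_encrypt_buflen()` takes and returns `int` and adds a bare `16`; a comment such as `/* header + payload + worst-case cipher padding (16, presumably one block) + u32 length */` would document the constant. Because `maxlen` is then compared with `alloc_len` and `iov_len`, a negative or wrapped `ilen` is worth rejecting before the sum is formed.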