diff options
author | Sage Weil <sage@newdream.net> | 2010-03-15 18:52:17 -0400 |
---|---|---|
committer | Sage Weil <sage@newdream.net> | 2010-03-21 00:33:10 -0400 |
commit | 807c86e2ceba8febe79b289d50cd0d5e0b0af917 (patch) | |
tree | ff7ef8edfd4aab41ea32e735afc9c7fd4eb8f35a | |
parent | 63733a0fc55cca74b1911769633dc5dfd1a45907 (diff) |
ceph: fix authenticator buffer size calculation
The buffer size was incorrectly calculated for the ceph_x_encrypt()
encapsulated ticket blob. Use a helper (with correct arithmetic) and
BUG out if we were wrong.
Signed-off-by: Sage Weil <sage@newdream.net>
-rw-r--r-- | fs/ceph/auth_x.c | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/fs/ceph/auth_x.c b/fs/ceph/auth_x.c index f0318427b6da..96e7aaa77678 100644 --- a/fs/ceph/auth_x.c +++ b/fs/ceph/auth_x.c | |||
@@ -28,6 +28,12 @@ static int ceph_x_is_authenticated(struct ceph_auth_client *ac) | |||
28 | return (ac->want_keys & xi->have_keys) == ac->want_keys; | 28 | return (ac->want_keys & xi->have_keys) == ac->want_keys; |
29 | } | 29 | } |
30 | 30 | ||
31 | static int ceph_x_encrypt_buflen(int ilen) | ||
32 | { | ||
33 | return sizeof(struct ceph_x_encrypt_header) + ilen + 16 + | ||
34 | sizeof(u32); | ||
35 | } | ||
36 | |||
31 | static int ceph_x_encrypt(struct ceph_crypto_key *secret, | 37 | static int ceph_x_encrypt(struct ceph_crypto_key *secret, |
32 | void *ibuf, int ilen, void *obuf, size_t olen) | 38 | void *ibuf, int ilen, void *obuf, size_t olen) |
33 | { | 39 | { |
@@ -242,7 +248,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac, | |||
242 | struct ceph_x_ticket_handler *th, | 248 | struct ceph_x_ticket_handler *th, |
243 | struct ceph_x_authorizer *au) | 249 | struct ceph_x_authorizer *au) |
244 | { | 250 | { |
245 | int len; | 251 | int maxlen; |
246 | struct ceph_x_authorize_a *msg_a; | 252 | struct ceph_x_authorize_a *msg_a; |
247 | struct ceph_x_authorize_b msg_b; | 253 | struct ceph_x_authorize_b msg_b; |
248 | void *p, *end; | 254 | void *p, *end; |
@@ -253,15 +259,15 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac, | |||
253 | dout("build_authorizer for %s %p\n", | 259 | dout("build_authorizer for %s %p\n", |
254 | ceph_entity_type_name(th->service), au); | 260 | ceph_entity_type_name(th->service), au); |
255 | 261 | ||
256 | len = sizeof(*msg_a) + sizeof(msg_b) + sizeof(u32) + | 262 | maxlen = sizeof(*msg_a) + sizeof(msg_b) + |
257 | ticket_blob_len + 16; | 263 | ceph_x_encrypt_buflen(ticket_blob_len); |
258 | dout(" need len %d\n", len); | 264 | dout(" need len %d\n", maxlen); |
259 | if (au->buf && au->buf->alloc_len < len) { | 265 | if (au->buf && au->buf->alloc_len < maxlen) { |
260 | ceph_buffer_put(au->buf); | 266 | ceph_buffer_put(au->buf); |
261 | au->buf = NULL; | 267 | au->buf = NULL; |
262 | } | 268 | } |
263 | if (!au->buf) { | 269 | if (!au->buf) { |
264 | au->buf = ceph_buffer_new(len, GFP_NOFS); | 270 | au->buf = ceph_buffer_new(maxlen, GFP_NOFS); |
265 | if (!au->buf) | 271 | if (!au->buf) |
266 | return -ENOMEM; | 272 | return -ENOMEM; |
267 | } | 273 | } |
@@ -296,6 +302,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac, | |||
296 | au->buf->vec.iov_len = p - au->buf->vec.iov_base; | 302 | au->buf->vec.iov_len = p - au->buf->vec.iov_base; |
297 | dout(" built authorizer nonce %llx len %d\n", au->nonce, | 303 | dout(" built authorizer nonce %llx len %d\n", au->nonce, |
298 | (int)au->buf->vec.iov_len); | 304 | (int)au->buf->vec.iov_len); |
305 | BUG_ON(au->buf->vec.iov_len > maxlen); | ||
299 | return 0; | 306 | return 0; |
300 | 307 | ||
301 | out_buf: | 308 | out_buf: |