Skip to content

Commit 818156c

Browse files
ziming zhangidryomov
ziming zhang
authored and
idryomov
committed
libceph: prevent potential out-of-bounds reads in handle_auth_done()
Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout. [ idryomov: changelog ] Cc: stable@vger.kernel.org Signed-off-by: ziming zhang <ezrakiez@gmail.com> Reviewed-by: Ilya Dryomov <idryomov@gmail.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
1 parent 9ace475 commit 818156c

1 file changed

Lines changed: 2 additions & 0 deletions

File tree

net/ceph/messenger_v2.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2376,7 +2376,9 @@ static int process_auth_done(struct ceph_connection *con, void *p, void *end)
23762376

23772377
ceph_decode_64_safe(&p, end, global_id, bad);
23782378
ceph_decode_32_safe(&p, end, con->v2.con_mode, bad);
2379+
23792380
ceph_decode_32_safe(&p, end, payload_len, bad);
2381+
ceph_decode_need(&p, end, payload_len, bad);
23802382

23812383
dout("%s con %p global_id %llu con_mode %d payload_len %d\n",
23822384
__func__, con, global_id, con->v2.con_mode, payload_len);

0 commit comments

Comments
 (0)