| Message ID | 1495557238-1077-5-git-send-email-idryomov@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 05/23/2017 11:33 AM, Ilya Dryomov wrote: > None of these are validated in userspace, but since we do validate > reply_struct_v in ceph_x_proc_ticket_reply(), tkt_struct_v (first) and > CephXServiceTicket struct_v (second) in process_one_ticket(), validate > CephXTicketBlob struct_v as well. > > Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Looks good. (I don't know what's valid but I know you do.) Reviewed-by: Alex Elder <elder@linaro.org> > --- > net/ceph/auth_x.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c > index 2034fb926670..d0126df33f1f 100644 > --- a/net/ceph/auth_x.c > +++ b/net/ceph/auth_x.c > @@ -215,6 +215,9 @@ static int process_one_ticket(struct ceph_auth_client *ac, > dout(" ticket blob is %d bytes\n", dlen); > ceph_decode_need(ptp, tpend, 1 + sizeof(u64), bad); > blob_struct_v = ceph_decode_8(ptp); > + if (blob_struct_v != 1) > + goto bad; > + > new_secret_id = ceph_decode_64(ptp); > ret = ceph_decode_buffer(&new_ticket_blob, ptp, tpend); > if (ret) > -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, May 23, 2017 at 7:44 PM, Alex Elder <elder@ieee.org> wrote: > On 05/23/2017 11:33 AM, Ilya Dryomov wrote: >> None of these are validated in userspace, but since we do validate >> reply_struct_v in ceph_x_proc_ticket_reply(), tkt_struct_v (first) and >> CephXServiceTicket struct_v (second) in process_one_ticket(), validate >> CephXTicketBlob struct_v as well. >> >> Signed-off-by: Ilya Dryomov <idryomov@gmail.com> > > Looks good. (I don't know what's valid but I know you do.) All those auth structs are v1. Thanks for the review! Ilya -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c index 2034fb926670..d0126df33f1f 100644 --- a/net/ceph/auth_x.c +++ b/net/ceph/auth_x.c @@ -215,6 +215,9 @@ static int process_one_ticket(struct ceph_auth_client *ac, dout(" ticket blob is %d bytes\n", dlen); ceph_decode_need(ptp, tpend, 1 + sizeof(u64), bad); blob_struct_v = ceph_decode_8(ptp); + if (blob_struct_v != 1) + goto bad; + new_secret_id = ceph_decode_64(ptp); ret = ceph_decode_buffer(&new_ticket_blob, ptp, tpend); if (ret)
None of these are validated in userspace, but since we do validate reply_struct_v in ceph_x_proc_ticket_reply(), tkt_struct_v (first) and CephXServiceTicket struct_v (second) in process_one_ticket(), validate CephXTicketBlob struct_v as well. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> --- net/ceph/auth_x.c | 3 +++ 1 file changed, 3 insertions(+)