libceph: weaken sizeof check in ceph_x_verify_authorizer_reply()

commit f1d10e04637924f2b00a0fecdd2ca4565f5cfc3f upstream. Allow for extending ceph_x_authorize_reply in the future. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> Reviewed-by: Sage Weil <sage@redhat.com> Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Ilya Dryomov <idryomov@gmail.com> 2018-07-27 19:45:36 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-12-08 13:05:10 +0100
commit: 985a55126453f55299cc55fcfffbeb157eb42c59 (patch)
tree: 3fb4b849e65990e97ca69af5e827dabb4f3808e6 /net
parent: 18a23fb2632030888fc56a7df73a80f57445718f (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c
index fb1dec941aba..29e23b5cb2ed 100644
--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -733,8 +733,10 @@ static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac,
 	ret = ceph_x_decrypt(&au->session_key, &p, p + CEPHX_AU_ENC_BUF_LEN);
 	if (ret < 0)
 		return ret;
-	if (ret != sizeof(*reply))
-		return -EPERM;
+	if (ret < sizeof(*reply)) {
+		pr_err("bad size %d for ceph_x_authorize_reply\n", ret);
+		return -EINVAL;
+	}
 
 	if (au->nonce + 1 != le64_to_cpu(reply->nonce_plus_one))
 		ret = -EPERM;
author	Ilya Dryomov <idryomov@gmail.com>	2018-07-27 19:45:36 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2018-12-08 13:05:10 +0100
commit	985a55126453f55299cc55fcfffbeb157eb42c59 (patch)
tree	3fb4b849e65990e97ca69af5e827dabb4f3808e6 /net
parent	18a23fb2632030888fc56a7df73a80f57445718f (diff)