diff options
| author | Ilya Dryomov <idryomov@gmail.com> | 2020-12-15 16:40:59 +0100 |
|---|---|---|
| committer | Ilya Dryomov <idryomov@gmail.com> | 2020-12-28 20:34:32 +0100 |
| commit | ad32fe8801c38f7b1a8b3814bd1f006cb2b5e781 (patch) | |
| tree | 46228c2e49170ff805d30480189fdd0025cd780b /net/ceph | |
| parent | 60267ba35c744d851dcd2d22ebaa240ca6aaa15f (diff) | |
| download | linux-ad32fe8801c38f7b1a8b3814bd1f006cb2b5e781.tar.gz linux-ad32fe8801c38f7b1a8b3814bd1f006cb2b5e781.tar.bz2 linux-ad32fe8801c38f7b1a8b3814bd1f006cb2b5e781.zip | |
libceph: fix auth_signature buffer allocation in secure mode
auth_signature frame is 68 bytes in plain mode and 96 bytes in
secure mode but we are requesting 68 bytes in both modes. By luck,
this doesn't actually result in any invalid memory accesses because
the allocation is satisfied out of kmalloc-96 slab and so exactly
96 bytes are allocated, but KASAN rightfully complains.
Fixes: cd1a677cad99 ("libceph, ceph: implement msgr2.1 protocol (crc and secure modes)")
Reported-by: Luis Henriques <lhenriques@suse.de>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Diffstat (limited to 'net/ceph')
| -rw-r--r-- | net/ceph/messenger_v2.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ceph/messenger_v2.c b/net/ceph/messenger_v2.c index c1ebb2aa08b5..4f938fc8deaf 100644 --- a/net/ceph/messenger_v2.c +++ b/net/ceph/messenger_v2.c @@ -1333,7 +1333,8 @@ static int prepare_auth_signature(struct ceph_connection *con) void *buf; int ret; - buf = alloc_conn_buf(con, head_onwire_len(SHA256_DIGEST_SIZE, false)); + buf = alloc_conn_buf(con, head_onwire_len(SHA256_DIGEST_SIZE, + con_secure(con))); if (!buf) return -ENOMEM; |