authorSage Weil <sage@redhat.com>2019-03-14 22:46:21 +0100
committerSage Weil <sage@redhat.com>2019-03-15 13:07:07 +0100
commit7a2bb0f01eebd259ae7babbfa55cffa87afa97ad (patch)
tree3e8953df4c7b9e2ad2c5956597e8759bbbcfcffc
parentMerge pull request #26738 from votdev/fix_docs (diff)
mon: do not assert on bad auth payload
If we get garbage, fail to authenticate--do not assert out and crash. Signed-off-by: Sage Weil <sage@redhat.com>
-rw-r--r--src/mon/Monitor.cc20
1 files changed, 16 insertions, 4 deletions
diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 70c8b5476ff..cd4cec304e0 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -6195,10 +6195,22 @@ int Monitor::handle_auth_request(
uint8_t mode;
EntityName entity_name;
- decode(mode, p);
- assert(mode >= AUTH_MODE_MON && mode <= AUTH_MODE_MON_MAX);
- decode(entity_name, p);
- decode(con->peer_global_id, p);
+ try {
+ decode(mode, p);
+ if (mode < AUTH_MODE_MON ||
+ mode > AUTH_MODE_MON_MAX) {
+ dout(1) << __func__ << " invalid mode " << (int)mode << dendl;
+ delete auth_handler;
+ return -EACCES;
+ }
+ assert(mode >= AUTH_MODE_MON && mode <= AUTH_MODE_MON_MAX);
+ decode(entity_name, p);
+ decode(con->peer_global_id, p);
+ } catch (buffer::error& e) {
+ dout(1) << __func__ << " failed to decode, " << e.what() << dendl;
+ delete auth_handler;
+ return -EACCES;
+ }
// supported method?
if (entity_name.get_type() == CEPH_ENTITY_TYPE_MON ||
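Review bot: The `assert(mode >= AUTH_MODE_MON && mode <= AUTH_MODE_MON_MAX);` kept inside the new `try` block can no longer fire, because the range check directly above it already returns `-EACCES` for every out-of-range mode; it should be dropped so the reject path is the only statement of the rule. Both failure paths release the handler with a bare `delete auth_handler;`, and the hunk does not show whether that pointer is also held by the connection or session; if it is, it should be cleared in the same place so nothing later reads or frees it again. The two `dout(1)` messages are written for input from a peer that has not authenticated yet and carry no peer identity, so adding the connection's peer address to them would make repeated malformed attempts attributable in the monitor log. The body of `Monitor::handle_auth_request` starts and ends outside the hunk.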