summaryrefslogtreecommitdiffstats
path: root/net/ceph/messenger_v2.c
diff options
context:
space:
mode:
authorIlya Dryomov <idryomov@gmail.com>2020-12-15 16:40:59 +0100
committerIlya Dryomov <idryomov@gmail.com>2020-12-28 20:34:32 +0100
commitad32fe8801c38f7b1a8b3814bd1f006cb2b5e781 (patch)
tree46228c2e49170ff805d30480189fdd0025cd780b /net/ceph/messenger_v2.c
parentceph: reencode gid_list when reconnecting (diff)
downloadlinux-ad32fe8801c38f7b1a8b3814bd1f006cb2b5e781.tar.xz
linux-ad32fe8801c38f7b1a8b3814bd1f006cb2b5e781.zip
libceph: fix auth_signature buffer allocation in secure mode
auth_signature frame is 68 bytes in plain mode and 96 bytes in secure mode but we are requesting 68 bytes in both modes. By luck, this doesn't actually result in any invalid memory accesses because the allocation is satisfied out of kmalloc-96 slab and so exactly 96 bytes are allocated, but KASAN rightfully complains. Fixes: cd1a677cad99 ("libceph, ceph: implement msgr2.1 protocol (crc and secure modes)") Reported-by: Luis Henriques <lhenriques@suse.de> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Diffstat (limited to '')
-rw-r--r--net/ceph/messenger_v2.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ceph/messenger_v2.c b/net/ceph/messenger_v2.c
index c1ebb2aa08b5..4f938fc8deaf 100644
--- a/net/ceph/messenger_v2.c
+++ b/net/ceph/messenger_v2.c
@@ -1333,7 +1333,8 @@ static int prepare_auth_signature(struct ceph_connection *con)
void *buf;
int ret;
- buf = alloc_conn_buf(con, head_onwire_len(SHA256_DIGEST_SIZE, false));
+ buf = alloc_conn_buf(con, head_onwire_len(SHA256_DIGEST_SIZE,
+ con_secure(con)));
if (!buf)
return -ENOMEM;