Skip to content

Auth crash fix#6698

Merged
liewegas merged 3 commits into
ceph:masterfrom
mathslinux:auth-crash-fix
Dec 11, 2015
Merged

Auth crash fix#6698
liewegas merged 3 commits into
ceph:masterfrom
mathslinux:auth-crash-fix

Conversation

@mathslinux

Copy link
Copy Markdown
Contributor

No description provided.

@loic-bot

Copy link
Copy Markdown

Comment thread src/auth/Crypto.cc Outdated

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch ! You could just remove this one instead so there is only one call ?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dachary nop, PK11_DestroyContext() should be called before this function exit.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dachary it's my fault that i misunderstand, you are right, just removing PK11_DestroyContext() is enough. I have just updated pull request.

@ghost ghost self-assigned this Nov 25, 2015
Signed-off-by: Dunrong Huang <riegamaths@gmail.com>
In this case(e.g. user passes wrong key), attempts to call the CryptoKey.ckh will lead to a segfault.

This patch fixes crash issue like following:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffed10e700 (LWP 25051)]
0x00007ffff59896c6 in CryptoKey::encrypt (this=0x7fffed10d4f0, cct=0x555555829c30, in=..., out=..., error=0x7fffed10d440) at auth/cephx/../Crypto.h:110
110	    return ckh->encrypt(in, out, error);
(gdb) bt
    at auth/cephx/../Crypto.h:110
    at auth/cephx/CephxProtocol.h:464

Signed-off-by: Dunrong Huang <riegamaths@gmail.com>
@loic-bot

Copy link
Copy Markdown

@liewegas

liewegas commented Dec 4, 2015

Copy link
Copy Markdown
Member

This passed a test run. I'd still like to see a simple test before merging it, though, since this failure/error path is very easy to break later. I think you can put a simple test case in, say, src/test/mon/misc.sh, and verify it by running the script with a ./vstart.sh environment (or via make check).

Signed-off-by: Dunrong Huang <riegamaths@gmail.com>
@mathslinux

Copy link
Copy Markdown
Contributor Author

hi @liewegas , I just add a test to detect the error as you suggested, and verify it in different case, could you have a look at and merge it if there is nothing wrong?

@loic-bot

loic-bot commented Dec 7, 2015

Copy link
Copy Markdown

liewegas added a commit that referenced this pull request Dec 11, 2015
auth: fix crash when bad keyring is passed

Reviewed-by: Sage Weil <sage@redhat.com>
@liewegas liewegas merged commit b3ad2b9 into ceph:master Dec 11, 2015
@jdurgin

jdurgin commented Dec 11, 2015

Copy link
Copy Markdown
Member

@mtanski can you make a bug for backporting it? (reference this pr, set the status to "Pending Backport" and the backport field to infernalis (and maybe hammer too))

@smithfarm

Copy link
Copy Markdown
Contributor

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants