Skip to content

Commit

Permalink
Merge pull request #11930: hammer: cephx: Fix multiple segfaults due …
Browse files Browse the repository at this point in the history 
…to attempts to encrypt or decrypt

Reviewed-by: Nathan Cutler <ncutler@suse.com>
  • Loading branch information
@smithfarm
smithfarm committed Nov 21, 2016
2 parents f13a2a0 + fbf51ba commit 454967d
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 2 deletions.
2 changes: 2 additions & 0 deletions src/auth/Crypto.h
View file
Expand Up @@ -107,10 +107,12 @@ class CryptoKey {
int create(CephContext *cct, int type);
int encrypt(CephContext *cct, const bufferlist& in, bufferlist& out,
std::string *error) const {
assert(ckh); // Bad key?
return ckh->encrypt(in, out, error);
}
int decrypt(CephContext *cct, const bufferlist& in, bufferlist& out,
std::string *error) const {
assert(ckh); // Bad key?
return ckh->decrypt(in, out, error);
}

Expand Down
6 changes: 6 additions & 0 deletions src/auth/cephx/CephxClientHandler.cc
View file
Expand Up @@ -46,6 +46,12 @@ int CephxClientHandler::build_request(bufferlist& bl) const
return -ENOENT;
}

// is the key OK?
if (!secret.get_secret().length()) {
ldout(cct, 20) << "secret for entity " << cct->_conf->name << " is invalid" << dendl;
return -EINVAL;
}

CephXAuthenticate req;
get_random_bytes((char *)&req.client_challenge, sizeof(req.client_challenge));
std::string error;
Expand Down
10 changes: 8 additions & 2 deletions src/auth/cephx/CephxProtocol.cc
View file
Expand Up @@ -61,7 +61,10 @@ bool cephx_build_service_ticket_blob(CephContext *cct, CephXSessionAuthInfo& inf
<< " ticket_info.ticket.name=" << ticket_info.ticket.name.to_str() << dendl;
blob.secret_id = info.secret_id;
std::string error;
encode_encrypt_enc_bl(cct, ticket_info, info.service_secret, blob.blob, error);
if (!info.service_secret.get_secret().length())
error = "invalid key"; // Bad key?
else
encode_encrypt_enc_bl(cct, ticket_info, info.service_secret, blob.blob, error);
if (!error.empty()) {
ldout(cct, -1) << "cephx_build_service_ticket_blob failed with error "
<< error << dendl;
Expand Down Expand Up @@ -429,7 +432,10 @@ bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys,
}
}
std::string error;
decode_decrypt_enc_bl(cct, ticket_info, service_secret, ticket.blob, error);
if (!service_secret.get_secret().length())
error = "invalid key"; // Bad key?
else
decode_decrypt_enc_bl(cct, ticket_info, service_secret, ticket.blob, error);
if (!error.empty()) {
ldout(cct, 0) << "verify_authorizer could not decrypt ticket info: error: "
<< error << dendl;
Expand Down

0 comments on commit 454967d

Please sign in to comment.