Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 1af471f51e0725befbe4a961ac0abd99db01d368
commit1af471f51e0725befbe4a961ac0abd99db01d368[log] [tgz]
authorIlya Dryomov <ilya.dryomov@inktank.com>Tue Sep 09 19:39:15 2014 +0400
committerchrmhoffmann <chrmhoffmann@gmail.com>Sun Apr 05 10:20:43 2020 +0200
treee318bdb862a5ae78d118643d7bb87277c86d504b
parent61fad8124876d9905ba551e6c22c3085ed1bfa31 [diff]
libceph: do not hard code max auth ticket len

commit c27a3e4d667fdcad3db7b104f75659478e0c68d8 upstream.

We hard code cephx auth ticket buffer size to 256 bytes.  This isn't
enough for any moderate setups and, in case tickets themselves are not
encrypted, leads to buffer overflows (ceph_x_decrypt() errors out, but
ceph_decode_copy() doesn't - it's just a memcpy() wrapper).  Since the
buffer is allocated dynamically anyway, allocated it a bit later, at
the point where we know how much is going to be needed.

Fixes: http://tracker.ceph.com/issues/8979

Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Signed-off-by: Zefan Li <lizefan@huawei.com>
1 file changed
tree: e318bdb862a5ae78d118643d7bb87277c86d504b
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS