libceph: do not hard code max auth ticket len
authorIlya Dryomov <ilya.dryomov@inktank.com>
Tue, 9 Sep 2014 15:39:15 +0000 (19:39 +0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 17 Sep 2014 16:04:01 +0000 (09:04 -0700)
commit9c38ff707bbe0635121f8fb6f108ee376cff90fe
treea6b0381d0b557cc09bbfa64f6062b97a07f438f1
parent2e1dbf27a941085ba21c23355006f10d297faec9
libceph: do not hard code max auth ticket len

commit c27a3e4d667fdcad3db7b104f75659478e0c68d8 upstream.

We hard code cephx auth ticket buffer size to 256 bytes.  This isn't
enough for any moderate setups and, in case tickets themselves are not
encrypted, leads to buffer overflows (ceph_x_decrypt() errors out, but
ceph_decode_copy() doesn't - it's just a memcpy() wrapper).  Since the
buffer is allocated dynamically anyway, allocated it a bit later, at
the point where we know how much is going to be needed.

Fixes: http://tracker.ceph.com/issues/8979
Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/ceph/auth_x.c