Merge PR #26958 into nautilus

* refs/pull/26958/head: mon: avoid using naked pointer msg/async: do not "return std::move(local_var)" mon: do not assert on bad auth payload Reviewed-by: Ricardo Dias <rdias@suse.com> Reviewed-by: Kefu Chai <kchai@redhat.com> Reviewed-by: João Eduardo Luís <joao@suse.de> Reviewed-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
2024-12-23 20:03:56 +00:00 · 2019-03-15 12:09:35 -05:00 · 2019-03-15 12:09:35 -05:00 · faf19b81c1
commit faf19b81c1
parent 570fcd7861 0500fff76b
2 changed files with 18 additions and 11 deletions
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@ -6184,8 +6184,8 @@ int Monitor::handle_auth_request(
    }

    // handler?
-    AuthServiceHandler *auth_handler = get_auth_service_handler(
-      auth_method, g_ceph_context, &key_server);
+    unique_ptr<AuthServiceHandler> auth_handler{get_auth_service_handler(
+      auth_method, g_ceph_context, &key_server)};
    if (!auth_handler) {
      dout(1) << __func__ << " auth_method " << auth_method << " not supported"
 	      << dendl;
@ -6195,10 +6195,20 @@ int Monitor::handle_auth_request(
    uint8_t mode;
    EntityName entity_name;

-    decode(mode, p);
-    assert(mode >= AUTH_MODE_MON && mode <= AUTH_MODE_MON_MAX);
-    decode(entity_name, p);
-    decode(con->peer_global_id, p);
+    try {
+      decode(mode, p);
+      if (mode < AUTH_MODE_MON ||
+	  mode > AUTH_MODE_MON_MAX) {
+	dout(1) << __func__ << " invalid mode " << (int)mode << dendl;
+	return -EACCES;
+      }
+      assert(mode >= AUTH_MODE_MON && mode <= AUTH_MODE_MON_MAX);
+      decode(entity_name, p);
+      decode(con->peer_global_id, p);
+    } catch (buffer::error& e) {
+      dout(1) << __func__ << " failed to decode, " << e.what() << dendl;
+      return -EACCES;
+    }

    // supported method?
    if (entity_name.get_type() == CEPH_ENTITY_TYPE_MON ||
@ -6209,7 +6219,6 @@ int Monitor::handle_auth_request(
 	dout(10) << __func__ << " entity " << entity_name << " method "
 		 << auth_method << " not among supported "
 		 << auth_cluster_required.get_supported_set() << dendl;
-	delete auth_handler;
 	return -EOPNOTSUPP;
      }
    } else {
@ -6217,7 +6226,6 @@ int Monitor::handle_auth_request(
 	dout(10) << __func__ << " entity " << entity_name << " method "
 		 << auth_method << " not among supported "
 		 << auth_cluster_required.get_supported_set() << dendl;
-	delete auth_handler;
 	return -EOPNOTSUPP;
      }
    }
@ -6230,7 +6238,6 @@ int Monitor::handle_auth_request(
      con->peer_global_id = authmon()->_assign_global_id();
      if (!con->peer_global_id) {
 	dout(1) << __func__ << " failed to assign global_id" << dendl;
-	delete auth_handler;
 	return -EBUSY;
      }
      dout(10) << __func__ << "  assigned global_id " << con->peer_global_id
@ -6239,7 +6246,7 @@ int Monitor::handle_auth_request(

    // set up partial session
    s = new MonSession(con);
-    s->auth_handler = auth_handler;
+    s->auth_handler = auth_handler.release();
    con->set_priv(RefCountedPtr{s, false});

    r = s->auth_handler->start_session(
--- a/src/msg/async/crypto_onwire.cc
+++ b/src/msg/async/crypto_onwire.cc
@ -225,7 +225,7 @@ ceph::bufferlist AES128GCM_OnWireRxHandler::authenticated_decrypt_update(

  ceph::bufferlist outbl;
  outbl.push_back(std::move(plainnode));
-  return std::move(outbl);
+  return outbl;
 }