iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

libceph: set -EINVAL in one place in crush_decode()

Browse Source 
No sooner than Dan had fixed this issue in commit 293dffaad8d5
("libceph: NULL deref on crush_decode() error path"), I brought it
back.  Add a new label and set -EINVAL once, right before failing.

Fixes: 278b1d709c6a ("libceph: ceph_decode_skip_* helpers")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
This commit is contained in:
Ilya Dryomov 2017-07-13 15:57:26 +02:00
parent 00c8ebb360
commit c2acfd95d0
1 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
net/ceph/osdmap.c
View File

@ -338,7 +338,7 @@ static void crush_finalize(struct crush_map *c)
static struct crush_map *crush_decode(void *pbyval, void *end) static struct crush_map *crush_decode(void *pbyval, void *end)
{ {
struct crush_map *c; struct crush_map *c;
int err = -EINVAL; int err;
int i, j; int i, j;
void **p = &pbyval; void **p = &pbyval;
void *start = pbyval; void *start = pbyval;
@ -407,7 +407,6 @@ static struct crush_map *crush_decode(void *pbyval, void *end)
size = sizeof(struct crush_bucket_straw2); size = sizeof(struct crush_bucket_straw2);
break; break;
default: default:
err = -EINVAL;
goto bad; goto bad;
} }
BUG_ON(size == 0); BUG_ON(size == 0);
@ -439,31 +438,31 @@ static struct crush_map *crush_decode(void *pbyval, void *end)
err = crush_decode_uniform_bucket(p, end, err = crush_decode_uniform_bucket(p, end,
(struct crush_bucket_uniform *)b); (struct crush_bucket_uniform *)b);
if (err < 0) if (err < 0)
goto bad; goto fail;
break; break;
case CRUSH_BUCKET_LIST: case CRUSH_BUCKET_LIST:
err = crush_decode_list_bucket(p, end, err = crush_decode_list_bucket(p, end,
(struct crush_bucket_list *)b); (struct crush_bucket_list *)b);
if (err < 0) if (err < 0)
goto bad; goto fail;
break; break;
case CRUSH_BUCKET_TREE: case CRUSH_BUCKET_TREE:
err = crush_decode_tree_bucket(p, end, err = crush_decode_tree_bucket(p, end,
(struct crush_bucket_tree *)b); (struct crush_bucket_tree *)b);
if (err < 0) if (err < 0)
goto bad; goto fail;
break; break;
case CRUSH_BUCKET_STRAW: case CRUSH_BUCKET_STRAW:
err = crush_decode_straw_bucket(p, end, err = crush_decode_straw_bucket(p, end,
(struct crush_bucket_straw *)b); (struct crush_bucket_straw *)b);
if (err < 0) if (err < 0)
goto bad; goto fail;
break; break;
case CRUSH_BUCKET_STRAW2: case CRUSH_BUCKET_STRAW2:
err = crush_decode_straw2_bucket(p, end, err = crush_decode_straw2_bucket(p, end,
(struct crush_bucket_straw2 *)b); (struct crush_bucket_straw2 *)b);
if (err < 0) if (err < 0)
goto bad; goto fail;
break; break;
} }
} }
@ -474,7 +473,6 @@ static struct crush_map *crush_decode(void *pbyval, void *end)
u32 yes; u32 yes;
struct crush_rule *r; struct crush_rule *r;
err = -EINVAL;
ceph_decode_32_safe(p, end, yes, bad); ceph_decode_32_safe(p, end, yes, bad);
if (!yes) { if (!yes) {
dout("crush_decode NO rule %d off %x %p to %p\n", dout("crush_decode NO rule %d off %x %p to %p\n",
@ -489,7 +487,6 @@ static struct crush_map *crush_decode(void *pbyval, void *end)
/* len */ /* len */
ceph_decode_32_safe(p, end, yes, bad); ceph_decode_32_safe(p, end, yes, bad);
#if BITS_PER_LONG == 32 #if BITS_PER_LONG == 32
err = -EINVAL;
if (yes > (ULONG_MAX - sizeof(*r)) if (yes > (ULONG_MAX - sizeof(*r))
/ sizeof(struct crush_rule_step)) / sizeof(struct crush_rule_step))
goto bad; goto bad;
@ -557,7 +554,7 @@ static struct crush_map *crush_decode(void *pbyval, void *end)
if (*p != end) { if (*p != end) {
err = decode_choose_args(p, end, c); err = decode_choose_args(p, end, c);
if (err) if (err)
goto bad; goto fail;
} }
done: done:
@ -567,10 +564,14 @@ done:
badmem: badmem:
err = -ENOMEM; err = -ENOMEM;
bad: fail:
dout("crush_decode fail %d\n", err); dout("crush_decode fail %d\n", err);
crush_destroy(c); crush_destroy(c);
return ERR_PTR(err); return ERR_PTR(err);
bad:
err = -EINVAL;
goto fail;
} }
int ceph_pg_compare(const struct ceph_pg *lhs, const struct ceph_pg *rhs) int ceph_pg_compare(const struct ceph_pg *lhs, const struct ceph_pg *rhs)