diff options
author | Ilya Dryomov <ilya.dryomov@inktank.com> | 2014-03-13 16:36:15 +0200 |
---|---|---|
committer | Sage Weil <sage@inktank.com> | 2014-04-04 21:07:43 -0700 |
commit | 9902e682c7f3df9ed5f60bc6f9c7efa6fd6b2d1d (patch) | |
tree | 2f8d6bbb7bd710aca4689662a8877666e1ac5eae /net/ceph | |
parent | 2d88b2e0819e0401ebb195e9fa20fab4be1965c8 (diff) |
libceph: fix crush_decode() call site in osdmap_decode()
The size of the memory area feeded to crush_decode() should be limited
not only by osdmap end, but also by the crush map length. Also, drop
unnecessary dout() (dout() in crush_decode() conveys the same info) and
step past crush map only if it is decoded successfully.
Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
Reviewed-by: Alex Elder <elder@linaro.org>
Diffstat (limited to 'net/ceph')
-rw-r--r-- | net/ceph/osdmap.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c index c39ac624ccc3..d4a6b0df3627 100644 --- a/net/ceph/osdmap.c +++ b/net/ceph/osdmap.c @@ -802,16 +802,13 @@ static int osdmap_decode(void **p, void *end, struct ceph_osdmap *map) /* crush */ ceph_decode_32_safe(p, end, len, e_inval); - dout("osdmap_decode crush len %d from off 0x%x\n", len, - (int)(*p - start)); - ceph_decode_need(p, end, len, e_inval); - map->crush = crush_decode(*p, end); - *p += len; + map->crush = crush_decode(*p, min(*p + len, end)); if (IS_ERR(map->crush)) { err = PTR_ERR(map->crush); map->crush = NULL; goto bad; } + *p += len; /* ignore the rest */ *p = end; |