libceph: fix watch_item_t decoding to use ceph_decode_entity_addr
While we're in there, let's also fix up the decoder to do proper bounds checking. Signed-off-by: Jeff Layton <jlayton@kernel.org> Reviewed-by: "Yan, Zheng" <zyan@redhat.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
This commit is contained in:
parent
dcbc919a5d
commit
51fc7ab445
|
@ -4914,20 +4914,26 @@ static int decode_watcher(void **p, void *end, struct ceph_watch_item *item)
|
|||
ret = ceph_start_decoding(p, end, 2, "watch_item_t",
|
||||
&struct_v, &struct_len);
|
||||
if (ret)
|
||||
return ret;
|
||||
goto bad;
|
||||
|
||||
ret = -EINVAL;
|
||||
ceph_decode_copy_safe(p, end, &item->name, sizeof(item->name), bad);
|
||||
ceph_decode_64_safe(p, end, item->cookie, bad);
|
||||
ceph_decode_skip_32(p, end, bad); /* skip timeout seconds */
|
||||
|
||||
ceph_decode_copy(p, &item->name, sizeof(item->name));
|
||||
item->cookie = ceph_decode_64(p);
|
||||
*p += 4; /* skip timeout_seconds */
|
||||
if (struct_v >= 2) {
|
||||
ceph_decode_copy(p, &item->addr, sizeof(item->addr));
|
||||
ceph_decode_addr(&item->addr);
|
||||
ret = ceph_decode_entity_addr(p, end, &item->addr);
|
||||
if (ret)
|
||||
goto bad;
|
||||
} else {
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
dout("%s %s%llu cookie %llu addr %s\n", __func__,
|
||||
ENTITY_NAME(item->name), item->cookie,
|
||||
ceph_pr_addr(&item->addr));
|
||||
return 0;
|
||||
bad:
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int decode_watchers(void **p, void *end,
|
||||
|
|
Loading…
Reference in New Issue