From patchwork Mon Oct 27 16:06:12 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ilya Dryomov <ilya.dryomov@inktank.com>
X-Patchwork-Id: 5162851
Return-Path: <ceph-devel-owner@kernel.org>
X-Original-To: patchwork-ceph-devel@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 565A5C11AD
	for <patchwork-ceph-devel@patchwork.kernel.org>;
	Mon, 27 Oct 2014 16:06:33 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 80F962011E
	for <patchwork-ceph-devel@patchwork.kernel.org>;
	Mon, 27 Oct 2014 16:06:32 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 972872020E
	for <patchwork-ceph-devel@patchwork.kernel.org>;
	Mon, 27 Oct 2014 16:06:31 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752309AbaJ0QGZ (ORCPT
	<rfc822;patchwork-ceph-devel@patchwork.kernel.org>);
	Mon, 27 Oct 2014 12:06:25 -0400
Received: from mail-lb0-f174.google.com ([209.85.217.174]:36125 "EHLO
	mail-lb0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752217AbaJ0QGX (ORCPT
	<rfc822; ceph-devel@vger.kernel.org>); Mon, 27 Oct 2014 12:06:23 -0400
Received: by mail-lb0-f174.google.com with SMTP id p9so5921043lbv.5
	for <ceph-devel@vger.kernel.org>;
	Mon, 27 Oct 2014 09:06:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:subject:date:message-id;
	bh=LiRCNQCrBF0Q2J6whLsZfZM8QXxsfuEA7A4FJbKS848=;
	b=IOumHCPxZ5QLG8U5dZY9MLPiL+LGi4n2KahcZeS2YZH6p9yfhnVAwYfDx9C7JSgxYs
	SEUU+mvIYkRvaFuY1suusLWorGIYiccOLwHIUjoJ7hn9a9RKgKqImVdAjjfpFbdLcx11
	tknGry4OMmI8OioXGpdojVLXDnm1hpWzHhXMqktcchlaagb7EAGt2f1bxeJhm0XbYQ9j
	pVsL2GUbZ2VXsJxVTsA3sAKPsaDTtB8UcV7KstRYmIqzcESv2uu/yRZOIPh6IWyE9IkL
	5jjl7CEeTwDne6SliOkAcLUzzHB9G3tAu/aXaVL7eM5Y6JuoyAH0BOTZhiBdjBQ8ruAs
	o7ug==
X-Gm-Message-State: 
 ALoCoQlSEAMAlG4KEvj7p8RJTeg579IjafAKbBLthO19W3UXMivEBHq4uQFOxpP+UwJ4uoZzPL49
X-Received: by 10.112.36.197 with SMTP id s5mr25028925lbj.30.1414425982213;
	Mon, 27 Oct 2014 09:06:22 -0700 (PDT)
Received: from localhost ([109.110.67.111])
	by mx.google.com with ESMTPSA id g5sm346461lam.1.2014.10.27.09.06.20
	for <ceph-devel@vger.kernel.org>
	(version=TLSv1.2 cipher=RC4-SHA bits=128/128);
	Mon, 27 Oct 2014 09:06:21 -0700 (PDT)
From: Ilya Dryomov <ilya.dryomov@inktank.com>
X-Google-Original-From: Ilya Dryomov <idryomov@redhat.com>
To: ceph-devel@vger.kernel.org
Subject: [PATCH] libceph: eliminate unnecessary allocation in
	process_one_ticket()
Date: Mon, 27 Oct 2014 19:06:12 +0300
Message-Id: <1414425972-10703-1-git-send-email-idryomov@redhat.com>
X-Mailer: git-send-email 1.7.10.4
Sender: ceph-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <ceph-devel.vger.kernel.org>
X-Mailing-List: ceph-devel@vger.kernel.org
X-Spam-Status: No, score=-7.5 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Commit c27a3e4d667f ("libceph: do not hard code max auth ticket len")
while fixing a buffer overlow tried to keep the same as much of the
surrounding code as possible and introduced an unnecessary kmalloc() in
the unencrypted ticket path.  It is likely to fail on huge tickets, so
get rid of it.

Signed-off-by: Ilya Dryomov <idryomov@redhat.com>
Reviewed-by: Sage Weil <sage@redhat.com>
---
 net/ceph/auth_x.c |   25 ++++++++++---------------
 1 file changed, 10 insertions(+), 15 deletions(-)

diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c
index de6662b14e1f..7e38b729696a 100644
--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -149,6 +149,7 @@ static int process_one_ticket(struct ceph_auth_client *ac,
 	struct ceph_crypto_key old_key;
 	void *ticket_buf = NULL;
 	void *tp, *tpend;
+	void **ptp;
 	struct ceph_timespec new_validity;
 	struct ceph_crypto_key new_session_key;
 	struct ceph_buffer *new_ticket_blob;
@@ -208,25 +209,19 @@ static int process_one_ticket(struct ceph_auth_client *ac,
 			goto out;
 		}
 		tp = ticket_buf;
-		dlen = ceph_decode_32(&tp);
+		ptp = &tp;
+		tpend = *ptp + dlen;
 	} else {
 		/* unencrypted */
-		ceph_decode_32_safe(p, end, dlen, bad);
-		ticket_buf = kmalloc(dlen, GFP_NOFS);
-		if (!ticket_buf) {
-			ret = -ENOMEM;
-			goto out;
-		}
-		tp = ticket_buf;
-		ceph_decode_need(p, end, dlen, bad);
-		ceph_decode_copy(p, ticket_buf, dlen);
+		ptp = p;
+		tpend = end;
 	}
-	tpend = tp + dlen;
+	ceph_decode_32_safe(ptp, tpend, dlen, bad);
 	dout(" ticket blob is %d bytes\n", dlen);
-	ceph_decode_need(&tp, tpend, 1 + sizeof(u64), bad);
-	blob_struct_v = ceph_decode_8(&tp);
-	new_secret_id = ceph_decode_64(&tp);
-	ret = ceph_decode_buffer(&new_ticket_blob, &tp, tpend);
+	ceph_decode_need(ptp, tpend, 1 + sizeof(u64), bad);
+	blob_struct_v = ceph_decode_8(ptp);
+	new_secret_id = ceph_decode_64(ptp);
+	ret = ceph_decode_buffer(&new_ticket_blob, ptp, tpend);
 	if (ret)
 		goto out;