osd/ReplicatedPG: verify we have enough data for WRITE and WRITEFULL

Fixes: #2207 Signed-off-by: Sage Weil <sage@inktank.com> Reviewed-by: Samuel Just <sam.just@inktank.com>
author: Sage Weil <sage@inktank.com> 2013-08-23 15:02:00 -0700
committer: Sage Weil <sage@inktank.com> 2013-08-23 15:12:18 -0700
commit: 14a1e6ecd467320edcd8b2b70c538102e66d3a83 (patch)
tree: cd970e854ae179d09e20ae6089e0a996c28dd443
parent: 83c8588807ea65f9319e2347ecae4309e34c9354 (diff)
download: ceph-14a1e6ecd467320edcd8b2b70c538102e66d3a83.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/src/osd/ReplicatedPG.cc b/src/osd/ReplicatedPG.cc
index 60eb65b7d8b..a2a40058ac1 100644
--- a/src/osd/ReplicatedPG.cc
+++ b/src/osd/ReplicatedPG.cc
@@ -2594,6 +2594,10 @@ int ReplicatedPG::do_osd_ops(OpContext *ctx, vector<OSDOp>& ops)
     case CEPH_OSD_OP_WRITE:
       ++ctx->num_write;
       { // write
+	if (op.extent.length > osd_op.indata.length()) {
+	  result = -EINVAL;
+	  break;
+	}
         __u32 seq = oi.truncate_seq;
         if (seq && (seq > op.extent.truncate_seq) &&
             (op.extent.offset + op.extent.length > oi.size)) {
@@ -2640,6 +2644,10 @@ int ReplicatedPG::do_osd_ops(OpContext *ctx, vector<OSDOp>& ops)
     case CEPH_OSD_OP_WRITEFULL:
       ++ctx->num_write;
       { // write full object
+	if (op.extent.length > osd_op.indata.length()) {
+	  result = -EINVAL;
+	  break;
+	}
 	result = check_offset_and_length(op.extent.offset, op.extent.length);
 	if (result < 0)
 	  break;
author	Sage Weil <sage@inktank.com>	2013-08-23 15:02:00 -0700
committer	Sage Weil <sage@inktank.com>	2013-08-23 15:12:18 -0700
commit	14a1e6ecd467320edcd8b2b70c538102e66d3a83 (patch)
tree	cd970e854ae179d09e20ae6089e0a996c28dd443
parent	83c8588807ea65f9319e2347ecae4309e34c9354 (diff)
download	ceph-14a1e6ecd467320edcd8b2b70c538102e66d3a83.tar.gz