diff options
author | Sage Weil <sage@inktank.com> | 2012-12-12 22:01:03 -0800 |
---|---|---|
committer | Sage Weil <sage@inktank.com> | 2012-12-12 22:01:03 -0800 |
commit | 975003bf671508840f23706a4aa5e0ccfa9a7aae (patch) | |
tree | 8fa44117bb25b862d9a1a0823a0c498011f34314 | |
parent | 448db47965d5602f295c894499467df19f609384 (diff) | |
download | ceph-975003bf671508840f23706a4aa5e0ccfa9a7aae.tar.gz |
auth: guard decode_decrypt with try block
This will catch buffer decoding errors (maybe the block is empty) and
return an error string.
May fix (or possibly paper over) #3459.
Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Greg Farnum <greg@inktank.com>
-rw-r--r-- | src/auth/cephx/CephxProtocol.h | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/auth/cephx/CephxProtocol.h b/src/auth/cephx/CephxProtocol.h index dfa2b2f0896..38e0616b501 100644 --- a/src/auth/cephx/CephxProtocol.h +++ b/src/auth/cephx/CephxProtocol.h @@ -470,8 +470,13 @@ int decode_decrypt(CephContext *cct, T& t, const CryptoKey key, bufferlist::iterator& iter, std::string &error) { bufferlist bl_enc; - ::decode(bl_enc, iter); - decode_decrypt_enc_bl(cct, t, key, bl_enc, error); + try { + ::decode(bl_enc, iter); + decode_decrypt_enc_bl(cct, t, key, bl_enc, error); + } + catch (buffer::error e) { + error = "error decoding block for decryption"; + } if (!error.empty()) return CEPHX_CRYPT_ERR; return 0; |