diff options
author | Dan Carpenter <dan.carpenter@oracle.com> | 2017-07-13 10:45:17 +0300 |
---|---|---|
committer | Ilya Dryomov <idryomov@gmail.com> | 2017-07-17 14:54:58 +0200 |
commit | 00c8ebb360937bbc5da02929d62fcbf6a72801eb (patch) | |
tree | e35bf3150b2251ac2db8d16a50576ef975943e3a /net | |
parent | e67ae2b7b23b283e657865b498b151e6a17b919d (diff) | |
download | op-kernel-dev-00c8ebb360937bbc5da02929d62fcbf6a72801eb.zip op-kernel-dev-00c8ebb360937bbc5da02929d62fcbf6a72801eb.tar.gz |
libceph: NULL deref on osdmap_apply_incremental() error path
There are hidden gotos in the ceph_decode_* macros. We need to set the
"err" variable on these error paths otherwise we end up returning
ERR_PTR(0) which is NULL. It causes NULL dereferences in the callers.
Fixes: 6f428df47dae ("libceph: pg_upmap[_items] infrastructure")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
[idryomov@gmail.com: similar bug in osdmap_decode(), changelog tweak]
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Diffstat (limited to 'net')
-rw-r--r-- | net/ceph/osdmap.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c index 864789c..3ffc7a1 100644 --- a/net/ceph/osdmap.c +++ b/net/ceph/osdmap.c @@ -1544,7 +1544,7 @@ static int osdmap_decode(void **p, void *end, struct ceph_osdmap *map) if (struct_v >= 3) { /* erasure_code_profiles */ ceph_decode_skip_map_of_map(p, end, string, string, string, - bad); + e_inval); } if (struct_v >= 4) { @@ -1825,9 +1825,9 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end, if (struct_v >= 3) { /* new_erasure_code_profiles */ ceph_decode_skip_map_of_map(p, end, string, string, string, - bad); + e_inval); /* old_erasure_code_profiles */ - ceph_decode_skip_set(p, end, string, bad); + ceph_decode_skip_set(p, end, string, e_inval); } if (struct_v >= 4) { |