summaryrefslogtreecommitdiff
path: root/net/ceph
diff options
context:
space:
mode:
authorDan Carpenter <dan.carpenter@oracle.com>2017-07-13 10:45:17 +0300
committerIlya Dryomov <idryomov@gmail.com>2017-07-17 15:54:58 +0300
commit00c8ebb360937bbc5da02929d62fcbf6a72801eb (patch)
treee35bf3150b2251ac2db8d16a50576ef975943e3a /net/ceph
parente67ae2b7b23b283e657865b498b151e6a17b919d (diff)
downloadlinux-00c8ebb360937bbc5da02929d62fcbf6a72801eb.tar.xz
libceph: NULL deref on osdmap_apply_incremental() error path
There are hidden gotos in the ceph_decode_* macros. We need to set the "err" variable on these error paths otherwise we end up returning ERR_PTR(0) which is NULL. It causes NULL dereferences in the callers. Fixes: 6f428df47dae ("libceph: pg_upmap[_items] infrastructure") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> [idryomov@gmail.com: similar bug in osdmap_decode(), changelog tweak] Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Diffstat (limited to 'net/ceph')
-rw-r--r--net/ceph/osdmap.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c
index 864789c5974e..3ffc7a1fd8b1 100644
--- a/net/ceph/osdmap.c
+++ b/net/ceph/osdmap.c
@@ -1544,7 +1544,7 @@ static int osdmap_decode(void **p, void *end, struct ceph_osdmap *map)
if (struct_v >= 3) {
/* erasure_code_profiles */
ceph_decode_skip_map_of_map(p, end, string, string, string,
- bad);
+ e_inval);
}
if (struct_v >= 4) {
@@ -1825,9 +1825,9 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end,
if (struct_v >= 3) {
/* new_erasure_code_profiles */
ceph_decode_skip_map_of_map(p, end, string, string, string,
- bad);
+ e_inval);
/* old_erasure_code_profiles */
- ceph_decode_skip_set(p, end, string, bad);
+ ceph_decode_skip_set(p, end, string, e_inval);
}
if (struct_v >= 4) {