Commit 00c8ebb3 authored by Dan Carpenter's avatar Dan Carpenter Committed by Ilya Dryomov

libceph: NULL deref on osdmap_apply_incremental() error path

There are hidden gotos in the ceph_decode_* macros.  We need to set the
"err" variable on these error paths otherwise we end up returning
ERR_PTR(0) which is NULL.  It causes NULL dereferences in the callers.

Fixes: 6f428df4 ("libceph: pg_upmap[_items] infrastructure")
Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
[idryomov@gmail.com: similar bug in osdmap_decode(), changelog tweak]
Signed-off-by: default avatarIlya Dryomov <idryomov@gmail.com>
parent e67ae2b7
...@@ -1544,7 +1544,7 @@ static int osdmap_decode(void **p, void *end, struct ceph_osdmap *map) ...@@ -1544,7 +1544,7 @@ static int osdmap_decode(void **p, void *end, struct ceph_osdmap *map)
if (struct_v >= 3) { if (struct_v >= 3) {
/* erasure_code_profiles */ /* erasure_code_profiles */
ceph_decode_skip_map_of_map(p, end, string, string, string, ceph_decode_skip_map_of_map(p, end, string, string, string,
bad); e_inval);
} }
if (struct_v >= 4) { if (struct_v >= 4) {
...@@ -1825,9 +1825,9 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end, ...@@ -1825,9 +1825,9 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end,
if (struct_v >= 3) { if (struct_v >= 3) {
/* new_erasure_code_profiles */ /* new_erasure_code_profiles */
ceph_decode_skip_map_of_map(p, end, string, string, string, ceph_decode_skip_map_of_map(p, end, string, string, string,
bad); e_inval);
/* old_erasure_code_profiles */ /* old_erasure_code_profiles */
ceph_decode_skip_set(p, end, string, bad); ceph_decode_skip_set(p, end, string, e_inval);
} }
if (struct_v >= 4) { if (struct_v >= 4) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment