Commit cbf99a11 authored by Ilya Dryomov's avatar Ilya Dryomov

libceph: introduce ceph_x_authorizer_cleanup()



Commit ae385eaf ("libceph: store session key in cephx authorizer")
introduced ceph_x_authorizer::session_key, but didn't update all the
exit/error paths.  Introduce ceph_x_authorizer_cleanup() to encapsulate
ceph_x_authorizer cleanup and switch to it.  This fixes ceph_x_destroy(),
which currently always leaks key, and the ceph_x_build_authorizer() error
paths.

Signed-off-by: default avatarIlya Dryomov <idryomov@gmail.com>
Reviewed-by: default avatarYan, Zheng <zyan@redhat.com>
parent 5e804ac4
+17 −11
@@ -279,6 +279,15 @@ static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac,
	return -EINVAL;
}

static void ceph_x_authorizer_cleanup(struct ceph_x_authorizer *au)
{
	ceph_crypto_key_destroy(&au->session_key);
	if (au->buf) {
		ceph_buffer_put(au->buf);
		au->buf = NULL;
	}
}

static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
				   struct ceph_x_ticket_handler *th,
				   struct ceph_x_authorizer *au)
@@ -297,7 +306,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
	ceph_crypto_key_destroy(&au->session_key);
	ret = ceph_crypto_key_clone(&au->session_key, &th->session_key);
	if (ret)
		return ret;
		goto out_au;

	maxlen = sizeof(*msg_a) + sizeof(msg_b) +
		ceph_x_encrypt_buflen(ticket_blob_len);
@@ -309,8 +318,8 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
	if (!au->buf) {
		au->buf = ceph_buffer_new(maxlen, GFP_NOFS);
		if (!au->buf) {
			ceph_crypto_key_destroy(&au->session_key);
			return -ENOMEM;
			ret = -ENOMEM;
			goto out_au;
		}
	}
	au->service = th->service;
@@ -340,7 +349,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
	ret = ceph_x_encrypt(&au->session_key, &msg_b, sizeof(msg_b),
			     p, end - p);
	if (ret < 0)
		goto out_buf;
		goto out_au;
	p += ret;
	au->buf->vec.iov_len = p - au->buf->vec.iov_base;
	dout(" built authorizer nonce %llx len %d\n", au->nonce,
@@ -348,9 +357,8 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
	BUG_ON(au->buf->vec.iov_len > maxlen);
	return 0;

out_buf:
	ceph_buffer_put(au->buf);
	au->buf = NULL;
out_au:
	ceph_x_authorizer_cleanup(au);
	return ret;
}

@@ -624,8 +632,7 @@ static void ceph_x_destroy_authorizer(struct ceph_auth_client *ac,
{
	struct ceph_x_authorizer *au = (void *)a;

	ceph_crypto_key_destroy(&au->session_key);
	ceph_buffer_put(au->buf);
	ceph_x_authorizer_cleanup(au);
	kfree(au);
}

@@ -653,8 +660,7 @@ static void ceph_x_destroy(struct ceph_auth_client *ac)
		remove_ticket_handler(ac, th);
	}

	if (xi->auth_authorizer.buf)
		ceph_buffer_put(xi->auth_authorizer.buf);
	ceph_x_authorizer_cleanup(&xi->auth_authorizer);

	kfree(ac->private);
	ac->private = NULL;
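Review bot: The `out_au` path in ceph_x_build_authorizer() can run ceph_crypto_key_destroy() twice on `au->session_key`, once before the clone and again through ceph_x_authorizer_cleanup() when the clone fails, so the new helper is only safe if destroy is idempotent. That holds with the `key->key = NULL` change this commit makes to ceph_crypto_key_destroy(), and presumably also requires a failed ceph_crypto_key_clone() to leave no stale pointer in `dst->key`, which is not visible here. A comment on the helper would record the dependency so a later edit does not reintroduce a double free, e.g. `/* Idempotent: relies on ceph_crypto_key_destroy() and the buf reset leaving NULL pointers behind. */`. The body of ceph_x_build_authorizer() extends beyond the hunks shown.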
+3 −1
@@ -16,8 +16,10 @@ struct ceph_crypto_key {

static inline void ceph_crypto_key_destroy(struct ceph_crypto_key *key)
{
	if (key)
	if (key) {
		kfree(key->key);
		key->key = NULL;
	}
}

int ceph_crypto_key_clone(struct ceph_crypto_key *dst,
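Review bot: `kfree(key->key)` releases the session key bytes without clearing them, so the secret remains readable in freed slab memory until that memory is reused. Since this commit routes authorizer teardown through ceph_crypto_key_destroy(), it is the natural place to zeroize: consider `kzfree(key->key);` (named `kfree_sensitive()` in newer kernels) instead of the plain kfree. If the struct also carries a length field, which the hunk does not show, resetting it next to `key->key = NULL` would keep a destroyed key self-consistent.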