libceph: weaken sizeof check in ceph_x_verify_authorizer_reply()

commit f1d10e04637924f2b00a0fecdd2ca4565f5cfc3f upstream.

Allow for extending ceph_x_authorize_reply in the future.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c
index 10eb759..2bf9d9f 100644 (file)
--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -737,8 +737,10 @@ static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac,
        ret = ceph_x_decrypt(&au->session_key, &p, p + CEPHX_AU_ENC_BUF_LEN);
        if (ret < 0)
                return ret;
-       if (ret != sizeof(*reply))
-               return -EPERM;
+       if (ret < sizeof(*reply)) {
+               pr_err("bad size %d for ceph_x_authorize_reply\n", ret);
+               return -EINVAL;
+       }
 
        if (au->nonce + 1 != le64_to_cpu(reply->nonce_plus_one))
                ret = -EPERM;