keyring: catch key decode errors

Return EINVAL on decoding errors. Other decode_base64() callers are already guarded. Fixes: ceph#2124 Signed-off-by: Sage Weil <[email protected]>
zmc · May 5, 2012 · ae0ca7b · ae0ca7b
1 parent 6812309
commit ae0ca7b
Showing 1 changed file with 18 additions and 6 deletions.
diff --git a/src/auth/KeyRing.cc b/src/auth/KeyRing.cc
@@ -62,9 +62,15 @@ int KeyRing::from_ceph_context(CephContext *cct, KeyRing **pkeyring)
 
   if (!conf->key.empty()) {
     EntityAuth ea;
-    ea.key.decode_base64(conf->key);
-    keyring->add(conf->name, ea);
-    found_key = true;
+    try {
+      ea.key.decode_base64(conf->key);
+      keyring->add(conf->name, ea);
+      found_key = true;
+    }
+    catch (buffer::error& e) {
+      lderr(cct) << "KeyRing::from_ceph_context: failed to decode key " << conf->key << dendl;
+      return -EINVAL;
+    }
   }
 
   if (!conf->keyfile.empty()) {
@@ -80,9 +86,15 @@ int KeyRing::from_ceph_context(CephContext *cct, KeyRing **pkeyring)
       else {
 	string k = buf;
 	EntityAuth ea;
-	ea.key.decode_base64(k);
-	keyring->add(conf->name, ea);
-	found_key = true;
+	try {
+	  ea.key.decode_base64(k);
+	  keyring->add(conf->name, ea);
+	  found_key = true;
+	}
+	catch (buffer::error& e) {
+	  lderr(cct) << "KeyRing::from_ceph_context: failed to decode key " << k << dendl;
+	  return -EINVAL;
+	}
       }
       fclose(fp);
     } else {