libceph: Fix NULL pointer dereference in auth client code
authorTyler Hicks <tyhicks@canonical.com>
Thu, 20 Jun 2013 20:13:59 +0000 (13:13 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 13 Jul 2013 18:42:25 +0000 (11:42 -0700)
commitb96e7dacf24315a84f71ba0f15a603ba5f82b010
treeeecf2188f148182fb08437684e033ecbe5959759
parent8bb495e3f02401ee6f76d1b1d77f3ac9f079e376
libceph: Fix NULL pointer dereference in auth client code

commit 2cb33cac622afde897aa02d3dcd9fbba8bae839e upstream.

A malicious monitor can craft an auth reply message that could cause a
NULL function pointer dereference in the client's kernel.

To prevent this, the auth_none protocol handler needs an empty
ceph_auth_client_ops->build_request() function.

CVE-2013-1059

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Chanam Park <chanam.park@hkpco.kr>
Reviewed-by: Seth Arnold <seth.arnold@canonical.com>
Reviewed-by: Sage Weil <sage@inktank.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/ceph/auth_none.c