Project

General

Profile

Actions
Copy link

Bug #53107

open

Encryption.py explodes if osd_dmcrypt_key_size is specified

Added by Mark Kirkwood over 2 years ago. Updated about 2 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
Ceph - v12.0.0, Ceph - v13.0.0, Ceph - v14.0.0, Ceph - v15.0.0, Ceph - v16.0.0, Ceph - v17.0.0
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

If osd_dmcrypt_key_size is specified then this code in encryption.py:

    dmcrypt_key_size = conf.ceph.get_safe(
        'osd',
        'osd_dmcrypt_key_size',
        default=1024,
    )

returns the key size as a str. The next bit of code tries to do some math with it:
    random_string = os.urandom(int(dmcrypt_key_size / 8))

and explodes with an unsupported types for / error.

There are 2 things wrong with this code:
  1. The default is type int, but the conf.ceph.get_safe() returns a str
  2. the random_string calc should cast dmcrypt_key_size before the divide

A patch for both of these (against master) is attached.

Files

encryption.py.patch (793 Bytes) encryption.py.patch Patch for both problems Mark Kirkwood, 10/30/2021 09:46 PM
Actions
Copy link
 #1

Updated by Guillaume Abrioux over 2 years ago

Do you mind sending a PR since you already have the patch?

Actions
Copy link
 #2

Updated by Mark Kirkwood about 2 years ago

I do, but it includes a fox for CVE-2021-3979 as well:

https://github.com/ceph/ceph/pull/44966

Actions
Copy link
 #3

Updated by Mark Kirkwood about 2 years ago

Mark Kirkwood wrote:

I do, but it includes a fix for CVE-2021-3979 as well:

https://github.com/ceph/ceph/pull/44966

Actions
Copy link

Also available in: Atom PDF