Bug #6806: mon: audit cmd_getval() calls to make sure they handle failures correctly - Ceph - Ceph

Actions

Copy link

Bug #6806

closed

mon: audit cmd_getval() calls to make sure they handle failures correctly

Added by Joao Eduardo Luis over 10 years ago. Updated almost 10 years ago.

Status:

Resolved

Priority:

High

Assignee:

Joao Eduardo Luis

Category:

Monitor

Target version:

% Done:

Source:

other

Tags:

Backport:

Regression:

Severity:

3 - minor

Reviewed:

Affected Versions:

ceph-qa-suite:

Pull request ID:

Crash signature (v1):

Crash signature (v2):

Description

During #6796 we noticed that most calls to cmd_getval() do not care for the function's return value, which indicates whether it was successful in parsing the value with the expected type. This can cause all sorts of problems in the monitors, specially considering that most of these values will end up uninitialized.

Not only can this be a problem on a mixed-version cluster if variable types are different (see #6796), but it can also be problematic if a malicious user intents on causing mayhem.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Ceph

Custom queries

Bug #6806

mon: audit cmd_getval() calls to make sure they handle failures correctly

Updated by Dan Mick over 10 years ago

Updated by Joao Eduardo Luis over 10 years ago

Updated by Sage Weil about 10 years ago

Updated by Joao Eduardo Luis about 10 years ago

Updated by Sage Weil about 10 years ago

Updated by Sage Weil almost 10 years ago