Project

General

Profile

Actions
Copy link

Bug #7977

closed

cephx has embedded byte-order dependency

Added by Dan Mick about 10 years ago. Updated over 9 years ago.

Status:
Resolved
Priority:
High
Assignee:
Dan Mick
Category:
cephx
Target version:
0.78
% Done:

0%

Source:
Development
Tags:
endian auth
Backport:
Regression:
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Calculation of the original session key is byte-order-dependent; cephx_calc_client_server_challenge gets a message digest of the random server and client challenges, and then steps through that digest 64 bits at a time and XORs each chunk to come up with a 64-bit key. But it does that by casting to uint64_t, which means the answer is different (byteswapped) if client and server have different byte orders.

Adding an mswab64() solves the problem:

--- a/src/auth/cephx/CephxProtocol.cc
+++ b/src/auth/cephx/CephxProtocol.cc
@@ -45,7 +45,7 @@ void cephx_calc_client_server_challenge(CephContext *cct, CryptoKey& secret, uin
   uint64_t k = 0;
   const uint64_t *p = (const uint64_t *)enc.c_str();
   for (int pos = 0; pos + sizeof(k) <= enc.length(); pos+=sizeof(k), p++)
-    k ^= *p;
+    k ^= mswab64(*p);
   *key = k;
 }

Actions
Copy link
 #1

Updated by Dan Mick about 10 years ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Sage Weil about 10 years ago

  • Status changed from 12 to Pending Backport
Actions
Copy link
 #3

Updated by Sage Weil about 10 years ago

  • Status changed from Pending Backport to Resolved
Actions
Copy link
 #4

Updated by Dan Mick over 9 years ago

  • Tags set to endian auth
Actions
Copy link

Also available in: Atom PDF