Project

General

Profile

Bug #7977

cephx has embedded byte-order dependency

Added by Dan Mick over 6 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
cephx
Target version:
% Done:

0%

Source:
Development
Tags:
endian auth
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature:

Description

Calculation of the original session key is byte-order-dependent; cephx_calc_client_server_challenge gets a message digest of the random server and client challenges, and then steps through that digest 64 bits at a time and XORs each chunk to come up with a 64-bit key. But it does that by casting to uint64_t, which means the answer is different (byteswapped) if client and server have different byte orders.

Adding an mswab64() solves the problem:

--- a/src/auth/cephx/CephxProtocol.cc
+++ b/src/auth/cephx/CephxProtocol.cc
@@ -45,7 +45,7 @@ void cephx_calc_client_server_challenge(CephContext *cct, CryptoKey& secret, uin
   uint64_t k = 0;
   const uint64_t *p = (const uint64_t *)enc.c_str();
   for (int pos = 0; pos + sizeof(k) <= enc.length(); pos+=sizeof(k), p++)
-    k ^= *p;
+    k ^= mswab64(*p);
   *key = k;
 }

Associated revisions

Revision 4dc62669 (diff)
Added by Dan Mick over 6 years ago

Fix byte-order dependency in calculation of initial challenge

Fixes: #7977
Signed-off-by: Dan Mick <>
Reviewed-by: Sage Weil <>

Revision 1dd42e0f (diff)
Added by Dan Mick over 6 years ago

Fix byte-order dependency in calculation of initial challenge

Fixes: #7977
Signed-off-by: Dan Mick <>
Reviewed-by: Sage Weil <>
(cherry picked from commit 4dc62669ecd679bc4d0ef2b996b2f0b45b8b4dc7)

Revision ede254a4 (diff)
Added by Dan Mick over 6 years ago

Fix byte-order dependency in calculation of initial challenge

Fixes: #7977
Signed-off-by: Dan Mick <>
Reviewed-by: Sage Weil <>
(cherry picked from commit 4dc62669ecd679bc4d0ef2b996b2f0b45b8b4dc7)

History

#1 Updated by Dan Mick over 6 years ago

  • Description updated (diff)

#2 Updated by Sage Weil over 6 years ago

  • Status changed from 12 to Pending Backport

#3 Updated by Sage Weil over 6 years ago

  • Status changed from Pending Backport to Resolved

#4 Updated by Dan Mick over 5 years ago

  • Tags set to endian auth

Also available in: Atom PDF