Patch "libceph: ceph_x_encrypt_buflen() takes in_len" has been added to the 4.9-stable tree

[<gregkh@linuxfoundation.org>]

This is a note to let you know that I've just added the patch titled

    libceph: ceph_x_encrypt_buflen() takes in_len

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     libceph-ceph_x_encrypt_buflen-takes-in_len.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From 36721ece1e84a25130c4befb930509b3f96de020 Mon Sep 17 00:00:00 2001
From: Ilya Dryomov <idryomov@gmail.com>
Date: Fri, 2 Dec 2016 16:35:06 +0100
Subject: libceph: ceph_x_encrypt_buflen() takes in_len

From: Ilya Dryomov <idryomov@gmail.com>

commit 36721ece1e84a25130c4befb930509b3f96de020 upstream.

Pass what's going to be encrypted - that's msg_b, not ticket_blob.
ceph_x_encrypt_buflen() returns the upper bound, so this doesn't change
the maxlen calculation, but makes it a bit clearer.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/ceph/auth_x.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -308,8 +308,8 @@ static int ceph_x_build_authorizer(struc
 	if (ret)
 		goto out_au;
 
-	maxlen = sizeof(*msg_a) + sizeof(msg_b) +
-		ceph_x_encrypt_buflen(ticket_blob_len);
+	maxlen = sizeof(*msg_a) + ticket_blob_len +
+		ceph_x_encrypt_buflen(sizeof(msg_b));
 	dout("  need len %d\n", maxlen);
 	if (au->buf && au->buf->alloc_len < maxlen) {
 		ceph_buffer_put(au->buf);
@@ -350,11 +350,12 @@ static int ceph_x_build_authorizer(struc
 			     p, end - p);
 	if (ret < 0)
 		goto out_au;
+
 	p += ret;
+	WARN_ON(p > end);
 	au->buf->vec.iov_len = p - au->buf->vec.iov_base;
 	dout(" built authorizer nonce %llx len %d\n", au->nonce,
 	     (int)au->buf->vec.iov_len);
-	BUG_ON(au->buf->vec.iov_len > maxlen);
 	return 0;
 
 out_au:


Patches currently in stable-queue which might be from idryomov@gmail.com are

queue-4.9/libceph-switch-ceph_x_decrypt-to-ceph_crypt.patch
queue-4.9/libceph-introduce-ceph_x_encrypt_offset.patch
queue-4.9/libceph-rename-and-align-ceph_x_authorizer-reply_buf.patch
queue-4.9/libceph-ceph_x_encrypt_buflen-takes-in_len.patch
queue-4.9/libceph-introduce-ceph_crypt-for-in-place-en-decryption.patch
queue-4.9/libceph-old_key-in-process_one_ticket-is-redundant.patch
queue-4.9/libceph-tweak-calcu_signature-a-little.patch
queue-4.9/libceph-remove-now-unused-ceph_-en-de-crypt-functions.patch
queue-4.9/ceph-fix-bad-endianness-handling-in-parse_reply_info_extra.patch
queue-4.9/libceph-switch-ceph_x_encrypt-to-ceph_crypt.patch