From 4b3a43a2fd2a9daa2870d7422f124dec2480c4a3 Mon Sep 17 00:00:00 2001

From: Susant Palai <spalai@redhat.com>

Date: Thu, 4 Jun 2015 22:37:11 +0530

Subject: [PATCH 08/18] glusterd: Buffer overflow causing crash for glusterd

Problem: In GLUSTERD_GET_DEFRAG_PROCESS we are using PATH_MAX (4096)

as the max size of the input for target path, but we have allocated

NAME_MAX (255) size of buffer for the target.

Now this crash is not seen with source, but seen with RPMS.

The reason is _foritfy_fail. This check happens when _FORTIFY_SOURCE

flag is enabled. This option tries to figure out possible

overflow scenarios like the bug here and does crash the process.

BUG: 1228541

Change-Id: I0df5d1546761ba73e88ccbf135cb49307aa9145e

Signed-off-by: Susant Palai <spalai@redhat.com>

Reviewed-on: https://code.engineering.redhat.com/gerrit/50095

Reviewed-by: Raghavendra Gowdappa <rgowdapp@redhat.com>

Tested-by: Raghavendra Gowdappa <rgowdapp@redhat.com>

---

 xlators/mgmt/glusterd/src/glusterd.h | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xlators/mgmt/glusterd/src/glusterd.h b/xlators/mgmt/glusterd/src/glusterd.h

index bca7697..ab62952 100644

--- a/xlators/mgmt/glusterd/src/glusterd.h

+++ b/xlators/mgmt/glusterd/src/glusterd.h

@@ -599,9 +599,9 @@ typedef ssize_t (*gd_serialize_t) (struct iovec outmsg, void *args);

 #define GLUSTERD_GET_DEFRAG_PROCESS(path, volinfo) do {                     \

                 if (volinfo->rebal.defrag_cmd == GF_DEFRAG_CMD_START_TIER)  \

-                        snprintf (path, PATH_MAX, "tier"); \

+                        snprintf (path, NAME_MAX, "tier"); \

                 else                                                        \

-                        snprintf (path, PATH_MAX, "rebalance"); \

+                        snprintf (path, NAME_MAX, "rebalance"); \

         } while (0)

 #define GLUSTERD_GET_DEFRAG_DIR(path, volinfo, priv) do {               \

-- 

1.9.3