|
 |
e7a346 |
From 7eeba48a6aa2bb04b40163849f211f068a8e6452 Mon Sep 17 00:00:00 2001
|
|
|
e7a346 |
From: Amar Tumballi <amarts@redhat.com>
|
|
|
e7a346 |
Date: Tue, 2 Oct 2018 13:27:20 +0530
|
|
|
e7a346 |
Subject: [PATCH 388/399] glusterd-handshake: prevent a buffer overflow
|
|
|
e7a346 |
|
|
|
e7a346 |
as key size in xdr can be anything, it can be bigger than the
|
|
|
e7a346 |
'NAME_MAX' allowed in the structure, which can allow for service denial
|
|
|
e7a346 |
attacks.
|
|
|
e7a346 |
|
|
|
e7a346 |
Fixes: CVE-2018-14653
|
|
|
e7a346 |
BUG: 1634668
|
|
|
e7a346 |
Change-Id: I207db66e0bd1959aad7ca40040cc66b9fc81e111
|
|
|
e7a346 |
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
|
|
e7a346 |
Reviewed-on: https://code.engineering.redhat.com/gerrit/151515
|
|
|
e7a346 |
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
|
|
|
e7a346 |
---
|
|
|
e7a346 |
xlators/mgmt/glusterd/src/glusterd-handshake.c | 6 ++++++
|
|
|
e7a346 |
1 file changed, 6 insertions(+)
|
|
|
e7a346 |
|
|
|
e7a346 |
diff --git a/xlators/mgmt/glusterd/src/glusterd-handshake.c b/xlators/mgmt/glusterd/src/glusterd-handshake.c
|
|
|
e7a346 |
index 3d1dfb2..d5594d0 100644
|
|
|
e7a346 |
--- a/xlators/mgmt/glusterd/src/glusterd-handshake.c
|
|
|
e7a346 |
+++ b/xlators/mgmt/glusterd/src/glusterd-handshake.c
|
|
|
e7a346 |
@@ -847,6 +847,12 @@ __server_getspec (rpcsvc_request_t *req)
|
|
|
e7a346 |
|
|
|
e7a346 |
volume = args.key;
|
|
|
e7a346 |
|
|
|
e7a346 |
+ if (strlen (volume) >= (NAME_MAX)) {
|
|
|
e7a346 |
+ op_errno = EINVAL;
|
|
|
e7a346 |
+ gf_msg (this->name, GF_LOG_ERROR, EINVAL, GD_MSG_NAME_TOO_LONG,
|
|
|
e7a346 |
+ "volume name too long (%s)", volume);
|
|
|
e7a346 |
+ goto fail;
|
|
|
e7a346 |
+ }
|
|
|
e7a346 |
/* Need to strip leading '/' from volnames. This was introduced to
|
|
|
e7a346 |
* support nfs style mount parameters for native gluster mount
|
|
|
e7a346 |
*/
|
|
|
e7a346 |
--
|
|
|
e7a346 |
1.8.3.1
|
|
|
e7a346 |
|