From 56c8ef4a64506c64aeb95d5a2c38d7107f90ac3a Mon Sep 17 00:00:00 2001

From: Xavi Hernandez <xhernandez@redhat.com>

Date: Tue, 5 Feb 2019 16:57:52 +0100

Subject: [PATCH 442/449] fuse: correctly handle setxattr values

The setxattr function receives a pointer to raw data, which may not be

null-terminated. When this data needs to be interpreted as a string, an

explicit null termination needs to be added before using the value.

Upstream patch https://review.gluster.org/#/c/glusterfs/+/22157

> Change-Id: Id110f9b215b22786da5782adec9449ce38d0d563

> updates: bz#1193929

> Signed-off-by: Xavi Hernandez <xhernandez@redhat.com>

Note: this change is not addressing the issue of bz 1787310,

indeed it is prerequisite for other changes that do.

BUG: 1787310

Change-Id: I56417b130eb2a1f388108456c905a577eb658793

Signed-off-by: Csaba Henk <csaba@redhat.com>

Reviewed-on: https://code.engineering.redhat.com/gerrit/202758

Tested-by: RHGS Build Bot <nigelb@redhat.com>

Reviewed-by: Sunil Kumar Heggodu Gopala Acharya <sheggodu@redhat.com>

---

 libglusterfs/src/glusterfs/xlator.h  |  2 +-

 libglusterfs/src/xlator.c            | 28 +++++++++++++++++++++++++---

 xlators/mount/fuse/src/fuse-bridge.c | 20 ++++++++++++++++----

 3 files changed, 42 insertions(+), 8 deletions(-)

diff --git a/libglusterfs/src/glusterfs/xlator.h b/libglusterfs/src/glusterfs/xlator.h

index db04c4d..8650ccc 100644

--- a/libglusterfs/src/glusterfs/xlator.h

+++ b/libglusterfs/src/glusterfs/xlator.h

@@ -1043,7 +1043,7 @@ xlator_mem_acct_init(xlator_t *xl, int num_types);

 void

 xlator_mem_acct_unref(struct mem_acct *mem_acct);

 int

-is_gf_log_command(xlator_t *trans, const char *name, char *value);

+is_gf_log_command(xlator_t *trans, const char *name, char *value, size_t size);

 int

 glusterd_check_log_level(const char *value);

 int

diff --git a/libglusterfs/src/xlator.c b/libglusterfs/src/xlator.c

index 6bd4f09..108b96a 100644

--- a/libglusterfs/src/xlator.c

+++ b/libglusterfs/src/xlator.c

@@ -1278,8 +1278,21 @@ xlator_destroy(xlator_t *xl)

     return 0;

 }

+static int32_t

+gf_bin_to_string(char *dst, size_t size, void *src, size_t len)

+{

+    if (len >= size) {

+        return EINVAL;

+    }

+

+    memcpy(dst, src, len);

+    dst[len] = 0;

+

+    return 0;

+}

+

 int

-is_gf_log_command(xlator_t *this, const char *name, char *value)

+is_gf_log_command(xlator_t *this, const char *name, char *value, size_t size)

 {

     xlator_t *trav = NULL;

     char key[1024] = {

@@ -1291,7 +1304,11 @@ is_gf_log_command(xlator_t *this, const char *name, char *value)

     glusterfs_ctx_t *ctx = NULL;

     if (!strcmp("trusted.glusterfs.syslog", name)) {

-        ret = gf_string2boolean(value, &syslog_flag);

+        ret = gf_bin_to_string(key, sizeof(key), value, size);

+        if (ret != 0) {

+            goto out;

+        }

+        ret = gf_string2boolean(key, &syslog_flag);

         if (ret) {

             ret = EOPNOTSUPP;

             goto out;

@@ -1307,7 +1324,12 @@ is_gf_log_command(xlator_t *this, const char *name, char *value)

     if (fnmatch("trusted.glusterfs*set-log-level", name, FNM_NOESCAPE))

         goto out;

-    log_level = glusterd_check_log_level(value);

+    ret = gf_bin_to_string(key, sizeof(key), value, size);

+    if (ret != 0) {

+        goto out;

+    }

+

+    log_level = glusterd_check_log_level(key);

     if (log_level == -1) {

         ret = EOPNOTSUPP;

         goto out;

diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c

index 2e7584c..cfad2b4 100644

--- a/xlators/mount/fuse/src/fuse-bridge.c

+++ b/xlators/mount/fuse/src/fuse-bridge.c

@@ -4112,7 +4112,7 @@ fuse_setxattr(xlator_t *this, fuse_in_header_t *finh, void *msg,

     /* Check if the command is for changing the log

        level of process or specific xlator */

-    ret = is_gf_log_command(this, name, value);

+    ret = is_gf_log_command(this, name, value, fsi->size);

     if (ret >= 0) {

         op_errno = ret;

         goto done;

@@ -4159,11 +4159,23 @@ fuse_setxattr(xlator_t *this, fuse_in_header_t *finh, void *msg,

          * fixups to make sure that's the case.  To avoid nasty

          * surprises, allocate an extra byte and add a NUL here.

          */

-        dict_value = memdup(value, fsi->size + 1);

+        dict_value = GF_MALLOC(fsi->size + 1, gf_common_mt_char);

+        if (dict_value == NULL) {

+            gf_log("glusterfs-fuse", GF_LOG_ERROR,

+                   "%" PRIu64 ": SETXATTR value allocation failed",

+                   finh->unique);

+            op_errno = ENOMEM;

+            goto done;

+        }

+        memcpy(dict_value, value, fsi->size);

         dict_value[fsi->size] = '\0';

     }

-    dict_set(state->xattr, newkey,

-             data_from_dynptr((void *)dict_value, fsi->size));

+    ret = dict_set_dynptr(state->xattr, newkey, dict_value, fsi->size);

+    if (ret < 0) {

+        op_errno = -ret;

+        GF_FREE(dict_value);

+        goto done;

+    }

     state->flags = fsi->flags;

     state->name = newkey;

-- 

1.8.3.1