rpms / glusterfs

Clone
Source Code
GIT

Blame SOURCES/0524-feature-changelog-Fix-buffer-overflow-crash.patch

c4 c5 c5-plus c6 c6-plus c6-sig-storage-gluster-5 c6-sig-storage-gluster-6 c6-sig-storage-gluster-7 c7 c7-alt c7-atomic c7-beta c7-sig-storage-gluster-5 c7-sig-storage-gluster-6 c7-sig-storage-gluster-7 c7-sig-storage-gluster-8 c7-sig-storage-gluster-9 c8 c8-beta c8-sig-storage-gluster-10 c8-sig-storage-gluster-6 c8-sig-storage-gluster-7 c8-sig-storage-gluster-8 c8-sig-storage-gluster-9 c8s c8s-sig-storage-gluster-10 c8s-sig-storage-gluster-11 c8s-sig-storage-gluster-8 c8s-sig-storage-gluster-9 c9 c9-beta c9s-sig-storage-gluster-10 c9s-sig-storage-gluster-11 c9s-sig-storage-gluster-9
  1.   0dfb81d54455f0315e1295d8359248e26b084e4b
  2.   SOURCES
  3.   0524-feature-changelog-Fix-buffer-overflow-crash.patch
Blob History Raw
21ab4e 
From 40efa03c9a35f3a06260bb7a8d678c9198c5cc34 Mon Sep 17 00:00:00 2001
21ab4e 
From: Kotresh HR <khiremat@redhat.com>
21ab4e 
Date: Tue, 20 Jun 2017 06:26:18 -0400
21ab4e 
Subject: [PATCH 524/525] feature/changelog: Fix buffer overflow crash
21ab4e
21ab4e 
The buffer used to hold the basename  was hard coded
21ab4e 
to the size of NAME_MAX(255). It might lead to buffer
21ab4e 
overflow crashes when the basename which is sent
21ab4e 
is more than NAME_MAX length. Fixed the same.
21ab4e
21ab4e 
> Change-Id: I6c1cad3ccaeb8c55549b1d3c5f96a198f65ba2b7
21ab4e 
> BUG: 1463178
21ab4e 
> Signed-off-by: Kotresh HR <khiremat@redhat.com>
21ab4e 
> Reviewed-on: https://review.gluster.org/17579
21ab4e 
> CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
21ab4e 
> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
21ab4e 
> Smoke: Gluster Build System <jenkins@build.gluster.org>
21ab4e 
> Reviewed-by: jiffin tony Thottan <jthottan@redhat.com>
21ab4e
21ab4e 
Change-Id: I6c1cad3ccaeb8c55549b1d3c5f96a198f65ba2b7
21ab4e 
BUG: 1462773
21ab4e 
Signed-off-by: Kotresh HR <khiremat@redhat.com>
21ab4e 
Reviewed-on: https://code.engineering.redhat.com/gerrit/109655
21ab4e 
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
21ab4e 
---
21ab4e 
 xlators/features/changelog/src/changelog.c | 6 ++++--
21ab4e 
 1 file changed, 4 insertions(+), 2 deletions(-)
21ab4e
21ab4e 
diff --git a/xlators/features/changelog/src/changelog.c b/xlators/features/changelog/src/changelog.c
21ab4e 
index 8817359..a43436a 100644
21ab4e 
--- a/xlators/features/changelog/src/changelog.c
21ab4e 
+++ b/xlators/features/changelog/src/changelog.c
21ab4e 
@@ -221,8 +221,8 @@ changelog_unlink (call_frame_t *frame, xlator_t *this,
21ab4e 
         gf_boolean_t                 barrier_enabled = _gf_false;
21ab4e 
         dht_changelog_rename_info_t  *info           = NULL;
21ab4e 
         int                          ret             = 0;
21ab4e 
-        char                         old_name[NAME_MAX] = {0};
21ab4e 
-        char                         new_name[NAME_MAX] = {0};
21ab4e 
+        char                        *old_name        = NULL;
21ab4e 
+        char                        *new_name        = NULL;
21ab4e 
         char                         *nname             = NULL;
21ab4e
21ab4e 
         INIT_LIST_HEAD (&queue);
21ab4e 
@@ -233,6 +233,8 @@ changelog_unlink (call_frame_t *frame, xlator_t *this,
21ab4e 
         ret = dict_get_bin (xdata, DHT_CHANGELOG_RENAME_OP_KEY, (void **)&info;;
21ab4e 
         if (!ret) {     /* special case: unlink considered as rename */
21ab4e 
                 /* 3 == fop + oldloc + newloc */
21ab4e 
+                old_name = alloca (info->oldname_len);
21ab4e 
+                new_name = alloca (info->newname_len);
21ab4e 
                 CHANGELOG_INIT_NOCHECK (this, frame->local,
21ab4e 
                                         NULL, loc->inode->gfid, 3);
21ab4e
21ab4e 
--
21ab4e 
1.8.3.1
21ab4e

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation