Tree - rpms/glusterfs - CentOS Git server

rpms / glusterfs

Files

Commit: 38347345809a3c9d353b7225971688848978b2f7
Blob Blame History Raw
From 7eeba48a6aa2bb04b40163849f211f068a8e6452 Mon Sep 17 00:00:00 2001
From: Amar Tumballi <amarts@redhat.com>
Date: Tue, 2 Oct 2018 13:27:20 +0530
Subject: [PATCH 388/399] glusterd-handshake: prevent a buffer overflow

as key size in xdr can be anything, it can be bigger than the
'NAME_MAX' allowed in the structure, which can allow for service denial
attacks.

Fixes: CVE-2018-14653
BUG: 1634668
Change-Id: I207db66e0bd1959aad7ca40040cc66b9fc81e111
Signed-off-by: Amar Tumballi <amarts@redhat.com>
Reviewed-on: https://code.engineering.redhat.com/gerrit/151515
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
---
 xlators/mgmt/glusterd/src/glusterd-handshake.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/xlators/mgmt/glusterd/src/glusterd-handshake.c b/xlators/mgmt/glusterd/src/glusterd-handshake.c
index 3d1dfb2..d5594d0 100644
--- a/xlators/mgmt/glusterd/src/glusterd-handshake.c
+++ b/xlators/mgmt/glusterd/src/glusterd-handshake.c
@@ -847,6 +847,12 @@ __server_getspec (rpcsvc_request_t *req)
 
         volume = args.key;
 
+        if (strlen (volume) >= (NAME_MAX)) {
+                op_errno = EINVAL;
+                gf_msg (this->name, GF_LOG_ERROR, EINVAL, GD_MSG_NAME_TOO_LONG,
+                        "volume name too long (%s)", volume);
+                goto fail;
+        }
         /* Need to strip leading '/' from volnames. This was introduced to
          * support nfs style mount parameters for native gluster mount
          */
-- 
1.8.3.1
rpms / glusterfs

Source Code

Files
