From 4b3a43a2fd2a9daa2870d7422f124dec2480c4a3 Mon Sep 17 00:00:00 2001
From: Susant Palai <spalai@redhat.com>
Date: Thu, 4 Jun 2015 22:37:11 +0530
Subject: [PATCH 08/18] glusterd: Buffer overflow causing crash for glusterd

Problem: In GLUSTERD_GET_DEFRAG_PROCESS we are using PATH_MAX (4096)
as the max size of the input for target path, but we have allocated
NAME_MAX (255) size of buffer for the target.

Now this crash is not seen with source, but seen with RPMS.
The reason is _foritfy_fail. This check happens when _FORTIFY_SOURCE
flag is enabled. This option tries to figure out possible
overflow scenarios like the bug here and does crash the process.

BUG: 1228541
Change-Id: I0df5d1546761ba73e88ccbf135cb49307aa9145e
Signed-off-by: Susant Palai <spalai@redhat.com>
Reviewed-on: https://code.engineering.redhat.com/gerrit/50095
Reviewed-by: Raghavendra Gowdappa <rgowdapp@redhat.com>
Tested-by: Raghavendra Gowdappa <rgowdapp@redhat.com>
---
 xlators/mgmt/glusterd/src/glusterd.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xlators/mgmt/glusterd/src/glusterd.h b/xlators/mgmt/glusterd/src/glusterd.h
index bca7697..ab62952 100644
--- a/xlators/mgmt/glusterd/src/glusterd.h
+++ b/xlators/mgmt/glusterd/src/glusterd.h
@@ -599,9 +599,9 @@ typedef ssize_t (*gd_serialize_t) (struct iovec outmsg, void *args);
 
 #define GLUSTERD_GET_DEFRAG_PROCESS(path, volinfo) do {                     \
                 if (volinfo->rebal.defrag_cmd == GF_DEFRAG_CMD_START_TIER)  \
-                        snprintf (path, PATH_MAX, "tier"); \
+                        snprintf (path, NAME_MAX, "tier"); \
                 else                                                        \
-                        snprintf (path, PATH_MAX, "rebalance"); \
+                        snprintf (path, NAME_MAX, "rebalance"); \
         } while (0)
 
 #define GLUSTERD_GET_DEFRAG_DIR(path, volinfo, priv) do {               \
-- 
1.9.3