From 4b3a43a2fd2a9daa2870d7422f124dec2480c4a3 Mon Sep 17 00:00:00 2001 From: Susant Palai Date: Thu, 4 Jun 2015 22:37:11 +0530 Subject: [PATCH 08/18] glusterd: Buffer overflow causing crash for glusterd Problem: In GLUSTERD_GET_DEFRAG_PROCESS we are using PATH_MAX (4096) as the max size of the input for target path, but we have allocated NAME_MAX (255) size of buffer for the target. Now this crash is not seen with source, but seen with RPMS. The reason is _foritfy_fail. This check happens when _FORTIFY_SOURCE flag is enabled. This option tries to figure out possible overflow scenarios like the bug here and does crash the process. BUG: 1228541 Change-Id: I0df5d1546761ba73e88ccbf135cb49307aa9145e Signed-off-by: Susant Palai Reviewed-on: https://code.engineering.redhat.com/gerrit/50095 Reviewed-by: Raghavendra Gowdappa Tested-by: Raghavendra Gowdappa --- xlators/mgmt/glusterd/src/glusterd.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xlators/mgmt/glusterd/src/glusterd.h b/xlators/mgmt/glusterd/src/glusterd.h index bca7697..ab62952 100644 --- a/xlators/mgmt/glusterd/src/glusterd.h +++ b/xlators/mgmt/glusterd/src/glusterd.h @@ -599,9 +599,9 @@ typedef ssize_t (*gd_serialize_t) (struct iovec outmsg, void *args); #define GLUSTERD_GET_DEFRAG_PROCESS(path, volinfo) do { \ if (volinfo->rebal.defrag_cmd == GF_DEFRAG_CMD_START_TIER) \ - snprintf (path, PATH_MAX, "tier"); \ + snprintf (path, NAME_MAX, "tier"); \ else \ - snprintf (path, PATH_MAX, "rebalance"); \ + snprintf (path, NAME_MAX, "rebalance"); \ } while (0) #define GLUSTERD_GET_DEFRAG_DIR(path, volinfo, priv) do { \ -- 1.9.3