diff options
| author | Amar Tumballi <amar@gluster.com> | 2010-08-13 05:58:51 +0000 |
|---|---|---|
| committer | Anand V. Avati <avati@dev.gluster.com> | 2010-08-13 04:41:28 -0700 |
| commit | b2925e78a54e1aab7e2a06d40127c59cc922cf1b (patch) | |
| tree | 247a52ec604f33c91455d29414dcdadca4d363e9 | |
| parent | 42436eb494e29745bd5e63865085fc26316ddf57 (diff) | |
cli cmd validation
* check buffer/stack overwrite if there is large number of argument to
gluster command
Signed-off-by: Amar Tumballi <amar@gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>
BUG: 1265 ()
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1265
| -rw-r--r-- | cli/src/cli-cmd-parser.c | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/cli/src/cli-cmd-parser.c b/cli/src/cli-cmd-parser.c index c3bfc5f54..3d843680d 100644 --- a/cli/src/cli-cmd-parser.c +++ b/cli/src/cli-cmd-parser.c @@ -45,7 +45,8 @@ cli_cmd_volume_create_parse (const char **words, int wordcount, dict_t **options gf1_cluster_type type = GF_CLUSTER_TYPE_NONE; int count = 0; int brick_count = 0, brick_index = 0; - char brick_list[8192] = {0,}; + int brick_list_size = 1; + char brick_list[120000] = {0,}; GF_ASSERT (words); GF_ASSERT (options); @@ -116,9 +117,16 @@ cli_cmd_volume_create_parse (const char **words, int wordcount, dict_t **options ret = -1; goto out; } - + if ((brick_list_size + strlen (words[brick_index]) + 1) > 120000) { + gf_log ("cli", GF_LOG_ERROR, + "total brick list is larger than a request " + "can take (brick_count %d)", brick_count); + ret = -1; + goto out; + } strcat (brick_list, words[brick_index]); strcat (brick_list, " "); + brick_list_size += (strlen (words[brick_index]) + 1); ++brick_count; ++brick_index; /* @@ -130,6 +138,7 @@ cli_cmd_volume_create_parse (const char **words, int wordcount, dict_t **options goto out; */ } + ret = dict_set_str (dict, "bricks", brick_list); if (ret) goto out; @@ -231,7 +240,8 @@ cli_cmd_volume_add_brick_parse (const char **words, int wordcount, int count = 0; //char key[50] = {0,}; int brick_count = 0, brick_index = 0; - char brick_list[8192] = {0,}; + int brick_list_size = 1; + char brick_list[120000] = {0,}; GF_ASSERT (words); GF_ASSERT (options); @@ -274,9 +284,17 @@ cli_cmd_volume_add_brick_parse (const char **words, int wordcount, ret = -1; goto out; } + if ((brick_list_size + strlen (words[brick_index]) + 1) > 120000) { + gf_log ("cli", GF_LOG_ERROR, + "total brick list is larger than a request " + "can take (brick_count %d)", brick_count); + ret = -1; + goto out; + } strcat (brick_list, words[brick_index]); strcat (brick_list, " "); + brick_list_size += (strlen (words[brick_index]) + 1); ++brick_count; ++brick_index; /* |