summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAmar Tumballi <amarts@redhat.com>2012-04-11 14:40:44 +0530
committerAnand Avati <avati@redhat.com>2012-04-11 10:07:52 -0700
commit0bfadb56d0ce0ffaa410eccb2a9d9eaaf6f3ab7c (patch)
tree7b0783eee8f49dcfefdb0e69351747ab73cc551f
parentf56404a3358c799f907f36aecedf774b1875a56c (diff)
protocol/server: validate connection object before dereferencing
in 'release()' and 'releasedir()' fops the check for 'connection object' was not done before dereferencing it. the check was in place for all other fops. handling the missing cases now. also removed some warnings related to 'set-but-unused' Change-Id: I47b95318e8f2f28233179be509ce090b2fb7276d Signed-off-by: Amar Tumballi <amarts@redhat.com> BUG: 801411 Reviewed-on: http://review.gluster.com/3125 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com>
-rw-r--r--xlators/protocol/server/src/server3_1-fops.c29
1 files changed, 10 insertions, 19 deletions
diff --git a/xlators/protocol/server/src/server3_1-fops.c b/xlators/protocol/server/src/server3_1-fops.c
index 6ce0b27af..7c64b5f9f 100644
--- a/xlators/protocol/server/src/server3_1-fops.c
+++ b/xlators/protocol/server/src/server3_1-fops.c
@@ -3437,6 +3437,10 @@ server_release (rpcsvc_request_t *req)
}
conn = req->trans->xl_private;
+ if (!conn) {
+ req->rpc_err = GARBAGE_ARGS;
+ goto out;
+ }
gf_fd_put (conn->fdtable, args.fd);
server_submit_reply (NULL, req, &rsp, NULL, 0, NULL,
@@ -3462,6 +3466,11 @@ server_releasedir (rpcsvc_request_t *req)
}
conn = req->trans->xl_private;
+ if (!conn) {
+ req->rpc_err = GARBAGE_ARGS;
+ goto out;
+ }
+
gf_fd_put (conn->fdtable, args.fd);
server_submit_reply (NULL, req, &rsp, NULL, 0, NULL,
@@ -3818,7 +3827,6 @@ server_setxattr (rpcsvc_request_t *req)
server_state_t *state = NULL;
dict_t *dict = NULL;
call_frame_t *frame = NULL;
- server_connection_t *conn = NULL;
gfs3_setxattr_req args = {{0,},};
int32_t ret = -1;
int32_t op_errno = 0;
@@ -3826,8 +3834,6 @@ server_setxattr (rpcsvc_request_t *req)
if (!req)
return ret;
- conn = req->trans->xl_private;
-
args.dict.dict_val = alloca (req->msg[0].iov_len);
if (!xdr_to_generic (req->msg[0], &args, (xdrproc_t)xdr_gfs3_setxattr_req)) {
@@ -3894,7 +3900,6 @@ server_fsetxattr (rpcsvc_request_t *req)
{
server_state_t *state = NULL;
dict_t *dict = NULL;
- server_connection_t *conn = NULL;
call_frame_t *frame = NULL;
gfs3_fsetxattr_req args = {{0,},};
int32_t ret = -1;
@@ -3903,8 +3908,6 @@ server_fsetxattr (rpcsvc_request_t *req)
if (!req)
return ret;
- conn = req->trans->xl_private;
-
args.dict.dict_val = alloca (req->msg[0].iov_len);
if (!xdr_to_generic (req->msg[0], &args, (xdrproc_t)xdr_gfs3_fsetxattr_req)) {
//failed to decode msg;
@@ -3968,7 +3971,6 @@ server_fxattrop (rpcsvc_request_t *req)
{
dict_t *dict = NULL;
server_state_t *state = NULL;
- server_connection_t *conn = NULL;
call_frame_t *frame = NULL;
gfs3_fxattrop_req args = {{0,},};
int32_t ret = -1;
@@ -3977,8 +3979,6 @@ server_fxattrop (rpcsvc_request_t *req)
if (!req)
return ret;
- conn = req->trans->xl_private;
-
args.dict.dict_val = alloca (req->msg[0].iov_len);
if (!xdr_to_generic (req->msg[0], &args, (xdrproc_t)xdr_gfs3_fxattrop_req)) {
//failed to decode msg;
@@ -4043,7 +4043,6 @@ server_xattrop (rpcsvc_request_t *req)
{
dict_t *dict = NULL;
server_state_t *state = NULL;
- server_connection_t *conn = NULL;
call_frame_t *frame = NULL;
gfs3_xattrop_req args = {{0,},};
int32_t ret = -1;
@@ -4052,8 +4051,6 @@ server_xattrop (rpcsvc_request_t *req)
if (!req)
return ret;
- conn = req->trans->xl_private;
-
args.dict.dict_val = alloca (req->msg[0].iov_len);
if (!xdr_to_generic (req->msg[0], &args, (xdrproc_t)xdr_gfs3_xattrop_req)) {
@@ -5325,7 +5322,6 @@ int
server_lk (rpcsvc_request_t *req)
{
server_state_t *state = NULL;
- server_connection_t *conn = NULL;
call_frame_t *frame = NULL;
gfs3_lk_req args = {{0,},};
int ret = -1;
@@ -5334,8 +5330,6 @@ server_lk (rpcsvc_request_t *req)
if (!req)
return ret;
- conn = req->trans->xl_private;
-
if (!xdr_to_generic (req->msg[0], &args, (xdrproc_t)xdr_gfs3_lk_req)) {
//failed to decode msg;
req->rpc_err = GARBAGE_ARGS;
@@ -5401,7 +5395,7 @@ server_lk (rpcsvc_request_t *req)
state->flock.l_type = F_UNLCK;
break;
default:
- gf_log (conn->bound_xl->name, GF_LOG_ERROR,
+ gf_log (state->conn->bound_xl->name, GF_LOG_ERROR,
"fd - %"PRId64" (%s): Unknown lock type: %"PRId32"!",
state->resolve.fd_no,
uuid_utoa (state->fd->inode->gfid), state->type);
@@ -5500,7 +5494,6 @@ int
server_lookup (rpcsvc_request_t *req)
{
call_frame_t *frame = NULL;
- server_connection_t *conn = NULL;
server_state_t *state = NULL;
gfs3_lookup_req args = {{0,},};
int ret = -1;
@@ -5508,8 +5501,6 @@ server_lookup (rpcsvc_request_t *req)
GF_VALIDATE_OR_GOTO ("server", req, err);
- conn = req->trans->xl_private;
-
args.bname = alloca (req->msg[0].iov_len);
args.xdata.xdata_val = alloca (req->msg[0].iov_len);