| author | Krutika Dhananjay <kdhananj@redhat.com> | 2012-11-28 22:29:36 +0530 | 
|---|---|---|
| committer | Anand Avati <avati@redhat.com> | 2012-12-19 13:18:58 -0800 | 
| commit | da7ca1efcf3a621c27f05d621715e57fdc5aa397 (patch) | |
| tree | 59d2ae86837f00d68a1348604ba5a9a2c70b9221 /xlators | |
| parent | 6b0d888e0729e7f7922d9b0a76dc27bae724e812 (diff) | |
protocol/server: Do not access key after GF_FREE in _delete_auth_opt()
PROBLEMS:
1. 'key' becomes a dangling pointer after the first call to dict_del()
   returns, in _delete_auth_opt(). Therefore, the second call to
   fnmatch() is made with 'key' pointing to deallocated space.
2. Also, the name _delete_auth_opt seems to suggest that the function
   is intended to match and delete "auth" options from the dictionary.
   But it winds up deleting all the options irrespective of whether
   the pattern match was successful or not. The same is true with
   _copy_auth_opt().
FIX:
Changed _delete_auth_opt() to delete the key ONLY if it matches either
of the two patterns (auth.addr.*.allow and auth.addr.*.reject).
Similarly, changed _copy_auth_opt() along the same lines.
Change-Id: Ic8664e5a0a29cefe43cb59a27e32fbdbeac154b5
BUG: 881062
Signed-off-by: Krutika Dhananjay <kdhananj@redhat.com>
Reviewed-on: http://review.gluster.org/4337
Reviewed-by: Pranith Kumar Karampuri <pkarampu@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
Diffstat (limited to 'xlators')
| -rw-r--r-- | xlators/protocol/server/src/server.c | 29 | 
1 files changed, 18 insertions, 11 deletions
| diff --git a/xlators/protocol/server/src/server.c b/xlators/protocol/server/src/server.c index 908f62a7b..19f09a82f 100644 --- a/xlators/protocol/server/src/server.c +++ b/xlators/protocol/server/src/server.c @@ -839,13 +839,16 @@ static int  _delete_auth_opt (dict_t *this, char *key, data_t *value, void *data)  {          char *auth_option_pattern[] = { "auth.addr.*.allow", -                                        "auth.addr.*.reject"}; +                                        "auth.addr.*.reject", +                                        NULL}; +        int i = 0; -        if (fnmatch ( auth_option_pattern[0], key, 0) != 0) -                dict_del (this, key); - -        if (fnmatch ( auth_option_pattern[1], key, 0) != 0) -                dict_del (this, key); +        for (i = 0; auth_option_pattern[i]; i++) { +                if (fnmatch (auth_option_pattern[i], key, 0) == 0) { +                        dict_del (this, key); +                        break; +                } +        }          return 0;  } @@ -855,12 +858,16 @@ static int  _copy_auth_opt (dict_t *unused, char *key, data_t *value, void *xl_dict)  {          char *auth_option_pattern[] = { "auth.addr.*.allow", -                                        "auth.addr.*.reject"}; -        if (fnmatch ( auth_option_pattern[0], key, 0) != 0) -                dict_set ((dict_t *)xl_dict, key, (value)); +                                        "auth.addr.*.reject", +                                        NULL}; +        int i = 0; -        if (fnmatch ( auth_option_pattern[1], key, 0) != 0) -                dict_set ((dict_t *)xl_dict, key, (value)); +        for (i = 0; auth_option_pattern [i]; i++) { +                if (fnmatch (auth_option_pattern[i], key, 0) == 0) { +                        dict_set ((dict_t *)xl_dict, key, value); +                        break; +                } +        }          return 0;  } | 
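
Review bot: In the new loop of _delete_auth_opt(), the `break` after `dict_del (this, key)` is the only thing that stops `key` from being handed to fnmatch() again after it has been freed, and the code does not say so. Add a one-line comment at the `break` stating that `key` must not be touched once dict_del() has returned, so that a later edit which adds a third pattern or a log call after the delete does not bring the dangling access back. The pattern array could also be declared `static const char *` since it is never modified.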
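
Review bot: The `auth_option_pattern` table in _copy_auth_opt() is a verbatim copy of the one in _delete_auth_opt(), so the two functions can drift apart if a pattern is added to only one of them. Hoist it to a single file-scope NULL-terminated table (or a small helper that returns whether a key is an auth option) and use it from both. Two smaller points in the same hunk: the loop condition is written `auth_option_pattern [i]` with a space before the bracket while the next line uses `auth_option_pattern[i]`, and the result of dict_set() is discarded with the function returning 0 regardless, so a failed copy of an allow/reject option would go unnoticed by the caller.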
