From 57e72677ac1123b583be8daec2287efac87362df Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Tue, 19 Jun 2012 11:41:19 +0200
Subject: glusterd: avoid buffer overrun for over-long volname

[in glusterd_store_is_valid_brickpath]
When strlen(volname) is no smaller than sizeof(volinfo->volname),
volinfo->volname would end up not being NUL-terminated.
Then, a use of that buffer that expects it to be NUL-terminated
(i.e., glusterd_store_brickinfopath_set's GLUSTERD_GET_BRICK_DIR)
will access beyond the end of the buffer.
Instead, diagnose the too-long volume name and fail.

Change-Id: I655d8638547bf342d33280c14ff1edacc3cdeb5a
BUG: 789278
Signed-off-by: Jim Meyering <meyering@redhat.com>
Reviewed-on: http://review.gluster.com/3591
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
---
 xlators/mgmt/glusterd/src/glusterd-store.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'xlators/mgmt/glusterd')

diff --git a/xlators/mgmt/glusterd/src/glusterd-store.c b/xlators/mgmt/glusterd/src/glusterd-store.c
index b9177b3c0..a70256c39 100644
--- a/xlators/mgmt/glusterd/src/glusterd-store.c
+++ b/xlators/mgmt/glusterd/src/glusterd-store.c
@@ -232,6 +232,7 @@ glusterd_store_is_valid_brickpath (char *volname, char *brick)
         glusterd_brickinfo_t    *brickinfo = NULL;
         glusterd_volinfo_t      *volinfo = NULL;
         int32_t                 ret = 0;
+        size_t                  volname_len = strlen (volname);
 
         ret = glusterd_brickinfo_from_brick (brick, &brickinfo);
         if (ret) {
@@ -245,7 +246,12 @@ glusterd_store_is_valid_brickpath (char *volname, char *brick)
                 ret = 0;
                 goto out;
         }
-        strncpy (volinfo->volname, volname, sizeof (volinfo->volname));
+        if (volname_len >= sizeof (volinfo->volname)) {
+                gf_log ("", GF_LOG_WARNING, "volume name too long");
+                ret = 0;
+                goto out;
+        }
+        memcpy (volinfo->volname, volname, volname_len+1);
         glusterd_store_brickinfopath_set (volinfo, brickinfo, brickpath,
                                                 sizeof (brickpath));
 
-- 
cgit