summaryrefslogtreecommitdiffstats
path: root/xlators/protocol
diff options
context:
space:
mode:
authorKrutika Dhananjay <kdhananj@redhat.com>2012-11-28 22:29:36 +0530
committerAnand Avati <avati@redhat.com>2012-12-19 13:18:58 -0800
commitda7ca1efcf3a621c27f05d621715e57fdc5aa397 (patch)
tree59d2ae86837f00d68a1348604ba5a9a2c70b9221 /xlators/protocol
parent6b0d888e0729e7f7922d9b0a76dc27bae724e812 (diff)
protocol/server: Do not access key after GF_FREE in _delete_auth_opt()
PROBLEMS: 1.'key' becomes a dangling pointer after the first call to dict_del() returns, in _delete_auth_opt(). Therefore, the second call to fnmatch() is made with 'key' pointing to deallocated space. 2. Also, the name _delete_auth_opt seems to suggest that the function is intended to match and delete "auth" options from the dictionary. But it winds up deleting all the options irrespective of whether the pattern match was successful or not. The same is true with _copy_auth_opt(). FIX: Changed _delete_auth_opt() to delete the key ONLY if it matches either of the two patterns (auth.addr.*.allow and auth.addr.*.reject). Similarly, changed _copy_auth_opt() along the same lines. Change-Id: Ic8664e5a0a29cefe43cb59a27e32fbdbeac154b5 BUG: 881062 Signed-off-by: Krutika Dhananjay <kdhananj@redhat.com> Reviewed-on: http://review.gluster.org/4337 Reviewed-by: Pranith Kumar Karampuri <pkarampu@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com>
Diffstat (limited to 'xlators/protocol')
-rw-r--r--xlators/protocol/server/src/server.c29
1 files changed, 18 insertions, 11 deletions
diff --git a/xlators/protocol/server/src/server.c b/xlators/protocol/server/src/server.c
index 908f62a..19f09a8 100644
--- a/xlators/protocol/server/src/server.c
+++ b/xlators/protocol/server/src/server.c
@@ -839,13 +839,16 @@ static int
_delete_auth_opt (dict_t *this, char *key, data_t *value, void *data)
{
char *auth_option_pattern[] = { "auth.addr.*.allow",
- "auth.addr.*.reject"};
+ "auth.addr.*.reject",
+ NULL};
+ int i = 0;
- if (fnmatch ( auth_option_pattern[0], key, 0) != 0)
- dict_del (this, key);
-
- if (fnmatch ( auth_option_pattern[1], key, 0) != 0)
- dict_del (this, key);
+ for (i = 0; auth_option_pattern[i]; i++) {
+ if (fnmatch (auth_option_pattern[i], key, 0) == 0) {
+ dict_del (this, key);
+ break;
+ }
+ }
return 0;
}
@@ -855,12 +858,16 @@ static int
_copy_auth_opt (dict_t *unused, char *key, data_t *value, void *xl_dict)
{
char *auth_option_pattern[] = { "auth.addr.*.allow",
- "auth.addr.*.reject"};
- if (fnmatch ( auth_option_pattern[0], key, 0) != 0)
- dict_set ((dict_t *)xl_dict, key, (value));
+ "auth.addr.*.reject",
+ NULL};
+ int i = 0;
- if (fnmatch ( auth_option_pattern[1], key, 0) != 0)
- dict_set ((dict_t *)xl_dict, key, (value));
+ for (i = 0; auth_option_pattern [i]; i++) {
+ if (fnmatch (auth_option_pattern[i], key, 0) == 0) {
+ dict_set ((dict_t *)xl_dict, key, value);
+ break;
+ }
+ }
return 0;
}