From a5a87f0d07dbcebbc5e1c9c6e0df5a8c77b6fa2d Mon Sep 17 00:00:00 2001
From: Venkatesh Somyajulu <vsomyaju@redhat.com>
Date: Wed, 3 Apr 2013 16:59:27 +0530
Subject: dict: Put "goto out" in dict_unserialize to avoid process crash

Problem:
In the dictionary serialization function, if the
[(buf + vallen) > (orig_buf + size)], then memdup is getting failed.

Fix:
Put "goto out" whenever this condition is met.

Change-Id: I662628a936596dbb47825aad47d7dbab2879eb07
BUG: 947824
Signed-off-by: Venkatesh Somyajulu <vsomyaju@redhat.com>
Reviewed-on: http://review.gluster.org/4767
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
---
 libglusterfs/src/dict.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'libglusterfs')

diff --git a/libglusterfs/src/dict.c b/libglusterfs/src/dict.c
index 72dd7e7aa..b017f87e5 100644
--- a/libglusterfs/src/dict.c
+++ b/libglusterfs/src/dict.c
@@ -2576,6 +2576,7 @@ dict_unserialize (char *orig_buf, int32_t size, dict_t **fill)
                                           "available (%lu) < required (%lu)",
                                           (long)(orig_buf + size),
                                           (long)(buf + vallen));
+                        goto out;
                 }
                 value = get_new_data ();
                 value->len  = vallen;
-- 
cgit