glusterfs.git/xlators/protocol/server, branch v5.3

all: fix the format string exceptions

2018-11-09T14:03:02+00:00

Currently, there are possibilities in few places, where a user-controlled
(like filename, program parameter etc) string can be passed as 'fmt' for
printf(), which can lead to segfault, if the user's string contains '%s',
'%d' in it.

While fixing it, makes sense to make the explicit check for such issues
across the codebase, by making the format call properly.

Fixes: CVE-2018-14661

Fixes: bz#1647666
Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4
Signed-off-by: Amar Tumballi

server: don't allow '/' in basename

2018-11-08T19:06:17+00:00

Server stack needs to have all the sort of validation, assuming
clients can be compromized. It is possible for a compromized
client to send basenames with paths with '/', and with that
create files without permission on server. By sanitizing the basename,
and not allowing anything other than actual directory as the parent
for any entry creation, we can mitigate the effects of clients
not able to exploit the server.

Fixes: CVE-2018-14651

Fixes: bz#1647663
Change-Id: I5dc0da0da2713452ff2b65ac2ddbccf1a267dc20
Signed-off-by: Amar Tumballi

protocol: remove the option 'verify-volfile-checksum'

2018-11-08T15:47:43+00:00

'getspec' operation is not used between 'client' and 'server' ever since
we have off-loaded volfile management to glusterd, ie, at least 7 years.

No reason to keep the dead code! The removed option had no meaning,
as glusterd didn't provide a way to set (or unset) this option. So,
no regression should be observed from any of the existing glusterfs
deployment, supported or unsupported.

Updates: CVE-2018-14653

Updates: bz#1647664
Change-Id: I4a2e0f673c5bcd4644976a61dbd2d37003a428eb
Signed-off-by: Amar Tumballi

Land part 2 of clang-format changes

2018-09-12T12:22:45+00:00

Change-Id: Ia84cc24c8924e6d22d02ac15f611c10e26db99b4
Signed-off-by: Nigel Babu

Land clang-format changes

2018-09-12T11:52:48+00:00

Change-Id: I6f5d8140a06f3c1b2d196849299f8d483028d33b

protocol: don't use alloca

2018-09-05T09:23:53+00:00

current implementation of alloca can cause issues when strings larger
than the allocated buffer is passed to the xdr. Hence it makes sense
to allow XDR decode functions to deal with memory allocations, which
we can free later.

Fixes: bz#1625097

Change-Id: I3a05553f5702de9575c244649ca0e5ac9abaac94
Signed-off-by: Amar Tumballi

server-protocol: don't allow '../' path in 'name'

2018-09-05T09:23:26+00:00

This will prevent any arbitrary file creation through glusterfs
by modifying the client bits.

Also check for the similar flaw inside posix too, so we prevent any
changes in layers in-between.

Fixes: bz#1625095

Signed-off-by: Amar Tumballi 
Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e

xlators: add classification flag to some

2018-09-04T09:16:36+00:00

Add classification to those translators which has `xlator_api_t`
already defined and used.

Updates: #430
Change-Id: I9d2772cb2c4ed4ab06aaa546500cf3b7d00bddac
Signed-off-by: Amar Tumballi

multiple xlators: move from strlen() to sizeof()

2018-08-31T06:13:54+00:00

xlators/performance/nl-cache/src/nl-cache.c
xlators/performance/md-cache/src/md-cache.c
xlators/protocol/server/src/authenticate.c
xlators/storage/bd/src/bd-helper.c

For const strings, just do compile time size calc instead of runtime.

Compile-tested only!

Change-Id: I9b98940a38d85321a69436a1871930da367b918a
updates: bz#1193929
Signed-off-by: Yaniv Kaul

clang-scan: fix multiple issues

2018-08-31T01:26:06+00:00

* Buffer overflow issue in glusterfsd
* Null argument passed to function expecting non-null (event-epoll)
* Make sure the op_ret value is set in macro (posix)

Updates: bz#1622665

Change-Id: I32b378fc40a5e3ee800c0dfbc13335d44c9db9ac
Signed-off-by: Amar Tumballi