feature/changelog: Fix buffer overflow crash

The buffer used to hold the basename was hard coded to the size of NAME_MAX(255). It might lead to buffer overflow crashes when the basename which is sent is more than NAME_MAX length. Fixed the same. > Change-Id: I6c1cad3ccaeb8c55549b1d3c5f96a198f65ba2b7 > BUG: 1463178 > Signed-off-by: Kotresh HR <khiremat@redhat.com> > Reviewed-on: https://review.gluster.org/17579 > CentOS-regression: Gluster Build System <jenkins@build.gluster.org> > NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> > Smoke: Gluster Build System <jenkins@build.gluster.org> > Reviewed-by: jiffin tony Thottan <jthottan@redhat.com> (cherry picked from commit b224f4253b7d3de3077ee35c8bdc20618eae4b7c) Change-Id: I6c1cad3ccaeb8c55549b1d3c5f96a198f65ba2b7 BUG: 1463626 Signed-off-by: Kotresh HR <khiremat@redhat.com> Reviewed-on: https://review.gluster.org/17593 Smoke: Gluster Build System <jenkins@build.gluster.org> CentOS-regression: Gluster Build System <jenkins@build.gluster.org> Reviewed-by: Zhou Zhengping <johnzzpcrystal@gmail.com> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com>
author: Kotresh HR <khiremat@redhat.com> 2017-06-20 06:26:18 -0400
committer: Shyamsundar Ranganathan <srangana@redhat.com> 2017-07-03 12:43:25 +0000
commit: cf3030cf115cf9603afd1d631c20c127c811958e (patch)
tree: 0f669672a5bc14394092156c0b328d8e6f060316
parent: 8b7aee4f5419552ee4db7a05e8623cee00dd4d2f (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/xlators/features/changelog/src/changelog.c b/xlators/features/changelog/src/changelog.c
index a8bd6bde34b..8112d42d316 100644
--- a/xlators/features/changelog/src/changelog.c
+++ b/xlators/features/changelog/src/changelog.c
@@ -221,8 +221,8 @@ changelog_unlink (call_frame_t *frame, xlator_t *this,
         gf_boolean_t                 barrier_enabled = _gf_false;
         dht_changelog_rename_info_t  *info           = NULL;
         int                          ret             = 0;
-        char                         old_name[NAME_MAX] = {0};
-        char                         new_name[NAME_MAX] = {0};
+        char                        *old_name        = NULL;
+        char                        *new_name        = NULL;
         char                         *nname             = NULL;
 
         INIT_LIST_HEAD (&queue);
@@ -233,6 +233,8 @@ changelog_unlink (call_frame_t *frame, xlator_t *this,
         ret = dict_get_bin (xdata, DHT_CHANGELOG_RENAME_OP_KEY, (void **)&info);
         if (!ret) {     /* special case: unlink considered as rename */
                 /* 3 == fop + oldloc + newloc */
+                old_name = alloca (info->oldname_len);
+                new_name = alloca (info->newname_len);
                 CHANGELOG_INIT_NOCHECK (this, frame->local,
                                         NULL, loc->inode->gfid, 3);
author	Kotresh HR <khiremat@redhat.com>	2017-06-20 06:26:18 -0400
committer	Shyamsundar Ranganathan <srangana@redhat.com>	2017-07-03 12:43:25 +0000
commit	cf3030cf115cf9603afd1d631c20c127c811958e (patch)
tree	0f669672a5bc14394092156c0b328d8e6f060316
parent	8b7aee4f5419552ee4db7a05e8623cee00dd4d2f (diff)