authorKotresh HR <khiremat@redhat.com>2017-06-20 06:26:18 -0400
committerShyamsundar Ranganathan <srangana@redhat.com>2017-07-03 12:43:25 +0000
commitcf3030cf115cf9603afd1d631c20c127c811958e (patch)
tree0f669672a5bc14394092156c0b328d8e6f060316
parent8b7aee4f5419552ee4db7a05e8623cee00dd4d2f (diff)
feature/changelog: Fix buffer overflow crash
The buffer used to hold the basename was hard coded to the size of NAME_MAX(255). It might lead to buffer overflow crashes when the basename which is sent is more than NAME_MAX length. Fixed the same. > Change-Id: I6c1cad3ccaeb8c55549b1d3c5f96a198f65ba2b7 > BUG: 1463178 > Signed-off-by: Kotresh HR <khiremat@redhat.com> > Reviewed-on: https://review.gluster.org/17579 > CentOS-regression: Gluster Build System <jenkins@build.gluster.org> > NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> > Smoke: Gluster Build System <jenkins@build.gluster.org> > Reviewed-by: jiffin tony Thottan <jthottan@redhat.com> (cherry picked from commit b224f4253b7d3de3077ee35c8bdc20618eae4b7c) Change-Id: I6c1cad3ccaeb8c55549b1d3c5f96a198f65ba2b7 BUG: 1463626 Signed-off-by: Kotresh HR <khiremat@redhat.com> Reviewed-on: https://review.gluster.org/17593 Smoke: Gluster Build System <jenkins@build.gluster.org> CentOS-regression: Gluster Build System <jenkins@build.gluster.org> Reviewed-by: Zhou Zhengping <johnzzpcrystal@gmail.com> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com>
-rw-r--r--xlators/features/changelog/src/changelog.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/xlators/features/changelog/src/changelog.c b/xlators/features/changelog/src/changelog.c
index a8bd6bd..8112d42 100644
--- a/xlators/features/changelog/src/changelog.c
+++ b/xlators/features/changelog/src/changelog.c
@@ -221,8 +221,8 @@ changelog_unlink (call_frame_t *frame, xlator_t *this,
gf_boolean_t barrier_enabled = _gf_false;
dht_changelog_rename_info_t *info = NULL;
int ret = 0;
- char old_name[NAME_MAX] = {0};
- char new_name[NAME_MAX] = {0};
+ char *old_name = NULL;
+ char *new_name = NULL;
char *nname = NULL;
INIT_LIST_HEAD (&queue);
@@ -233,6 +233,8 @@ changelog_unlink (call_frame_t *frame, xlator_t *this,
ret = dict_get_bin (xdata, DHT_CHANGELOG_RENAME_OP_KEY, (void **)&info);
if (!ret) { /* special case: unlink considered as rename */
/* 3 == fop + oldloc + newloc */
+ old_name = alloca (info->oldname_len);
+ new_name = alloca (info->newname_len);
CHANGELOG_INIT_NOCHECK (this, frame->local,
NULL, loc->inode->gfid, 3);
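Review bot: The two `alloca` calls take their sizes straight from `info->oldname_len` and `info->newname_len`, which arrive in the `xdata` dict via `dict_get_bin`, and nothing visible in this hunk bounds them. `alloca` has no failure return, so an oversized length exhausts the stack instead of producing an error the fop could unwind on. I would validate both lengths before allocating, for example `if (info->oldname_len == 0 || info->oldname_len > PATH_MAX || info->newname_len == 0 || info->newname_len > PATH_MAX)` followed by the function's error path, or use a heap allocation whose result can be checked. The new buffers are also not zero-filled the way the removed `{0}` arrays in the first hunk were, so the copy that fills them (outside this hunk) has to guarantee NUL termination. The `if` block and the rest of changelog_unlink continue past the end of the hunk.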