summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAnand Avati <avati@redhat.com>2013-08-26 21:58:26 -0700
committerVijay Bellur <vbellur@redhat.com>2013-08-29 06:06:01 -0700
commit3a3441ef7665b5f55a9e2de63ea07173bf0f0db0 (patch)
treed4a84c396df2b3bc4565df1d273fa2384c2824da
parentc8ccfda3a7af1552419ba4f9dfb719fbf0e3f211 (diff)
nfs: prevent NFS server crash when upgrading from 3.2.x server
After an upgrade the NFS3 filehandle size changed (became smaller), but when doing a live ugprade the client would send the old handle (expect ESTALE and do fresh lookup). But when reading the old handle we were reading it into a structure which was limited to the size of the new handle, while we should have been reading into a buffer which is as big as the NFS3 spec permits the handle size to be. The actor functions declare the structure on the stack. So the overflow is resulting in a stack corruption. Change-Id: Ie930875ac9db46b43d1cb8ad1e6d89cdaeded7ca BUG: 1002385 Signed-off-by: Anand Avati <avati@redhat.com> Reviewed-on: http://review.gluster.org/5730 Reviewed-by: Rajesh Joseph <rjoseph@redhat.com> Reviewed-by: Niels de Vos <ndevos@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com>
-rw-r--r--xlators/nfs/server/src/nfs3-fh.h5
1 files changed, 5 insertions, 0 deletions
diff --git a/xlators/nfs/server/src/nfs3-fh.h b/xlators/nfs/server/src/nfs3-fh.h
index 23957d97780..c22f913a3a5 100644
--- a/xlators/nfs/server/src/nfs3-fh.h
+++ b/xlators/nfs/server/src/nfs3-fh.h
@@ -65,6 +65,11 @@ struct nfs3_fh {
/* File/dir gfid. */
uuid_t gfid;
+ /* This structure must be exactly NFS3_FHSIZE (64) bytes long.
+ Having the structure shorter results in buffer overflows
+ during XDR decoding.
+ */
+ unsigned char padding[NFS3_FHSIZE - GF_NFSFH_STATIC_SIZE];
} __attribute__((__packed__));
#define GF_NFS3FH_STATIC_INITIALIZER {{0},}