| author | Kinglong Mee <kinglongmee@gmail.com> | 2018-11-12 21:52:24 +0800 | 
|---|---|---|
| committer | Shyamsundar Ranganathan <srangana@redhat.com> | 2018-11-13 20:45:15 +0000 | 
| commit | 435c8a92b8bafe2e15e130a31dfdfc14ff40b40a (patch) | |
| tree | e405e81a7a1ea1bb976249fd91282c6e96e4b4cf | |
| parent | 786a2136ac1a6a3d1e7566a923a32ed9af77e1bf (diff) | |
gfapi: fix bad dict setting of lease-id
lease_id is 16 bits of opaque data; copying it with gf_strdup is wrong.
Invalid read of size 2
   at 0x483FA2F: memmove (vg_replace_strmem.c:1270)
   by 0xE2EF6FB: ??? (in /usr/lib64/libtirpc.so.3.0.0)
   by 0xE2EE047: xdr_opaque (in /usr/lib64/libtirpc.so.3.0.0)
   by 0x107A97DC: xdr_gfx_value (glusterfs4-xdr.c:207)
   by 0x107A98C0: xdr_gfx_dict_pair (glusterfs4-xdr.c:321)
   by 0xE2EF35E: xdr_array (in /usr/lib64/libtirpc.so.3.0.0)
   by 0x107A9A89: xdr_gfx_dict (glusterfs4-xdr.c:335)
   by 0x107AA97B: xdr_gfx_write_req (glusterfs4-xdr.c:897)
   by 0x107A181E: xdr_serialize_generic (xdr-generic.c:25)
   by 0x231044A2: client_submit_request (client.c:205)
   by 0x2314D3C1: client4_0_writev (client-rpc-fops_v2.c:3863)
   by 0x230FD5FA: client_writev (client.c:956)
 Address 0xad659e18 is 72 bytes inside a block of size 73 alloc'd
   at 0x483880B: malloc (vg_replace_malloc.c:299)
   by 0x106BA7EC: __gf_malloc (mem-pool.c:136)
   by 0x1064521E: gf_strndup (mem-pool.h:166)
   by 0x1064521E: gf_strdup (mem-pool.h:183)
   by 0x1064521E: get_fop_attr_thrd_key (glfs.c:627)
   by 0x1064D8E9: glfs_pwritev@@GFAPI_3.4.0 (glfs-fops.c:1154)
   by 0x10610C0C: glusterfs_write2 (handle.c:2092)
   by 0x54D30C: mdcache_write2 (mdcache_file.c:647)
   by 0x48A3FC: nfs4_write (nfs4_op_write.c:459)
   by 0x48A44D: nfs4_op_write (nfs4_op_write.c:487)
   by 0x4634F5: nfs4_Compound (nfs4_Compound.c:947)
   by 0x460155: nfs_rpc_process_request (nfs_worker_thread.c:1329)
   by 0x4608A3: nfs_rpc_valid_NFS (nfs_worker_thread.c:1539)
   by 0x488F12F: svc_vc_decode (svc_vc.c:825)
Backport of:
 > Patch: https://review.gluster.org/21586/
 > BUG: bz#1647651
 > Change-Id: Ib9fff55c897bc43c15036a869888e763df133757
 > Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
(cherry picked from commit 6d4cd8ce6c0d88d331ffed97c51d3061a3900561)
Updates bz#1648938
Change-Id: I881d1e9aeb343d456cbf80d16bc46fd4a81a8e43
Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
| -rw-r--r-- | api/src/glfs.c | 25 | 
1 files changed, 16 insertions, 9 deletions
diff --git a/api/src/glfs.c b/api/src/glfs.c
index 508191ec8b1..9b47709eea0 100644
--- a/api/src/glfs.c
+++ b/api/src/glfs.c
@@ -607,7 +607,7 @@ get_fop_attr_glfd (dict_t **fop_attr, struct glfs_fd *glfd)
                 dict_create = _gf_true;
         }
         GF_CHECK_ALLOC_AND_LOG("gfapi", *fop_attr, ret, "dict_new failed", out);
-        ret = dict_set_static_bin (*fop_attr, "lease-id", leaseid, LEASE_ID_SIZE);
+        ret = dict_set_bin (*fop_attr, "lease-id", leaseid, LEASE_ID_SIZE);
 out:
         if (ret) {
                 GF_FREE (leaseid);
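Review bot: Switching to dict_set_bin hands ownership of leaseid to the dict, yet the `out:` path a few lines below still runs `GF_FREE (leaseid)` for every non-zero ret, including a failed dict_set_bin; whether that is a double free depends on whether dict_set_bin releases the buffer on its own failure path, which this hunk does not show. Confirm that contract against the dict implementation and pin it in a comment at the call, e.g. `/* dict owns leaseid after a successful dict_set_bin; on failure it is still ours and is freed at out: — confirm against dict_set_bin's failure path */`, or clear leaseid when the callee is known to free it. The same success/failure ownership split applies to the dict_set_bin call in the get_fop_attr_thrd_key hunk below. get_fop_attr_glfd's body starts before this hunk, so where leaseid is allocated is not visible here.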
@@ -637,26 +637,33 @@ set_fop_attr_glfd (struct glfs_fd *glfd)
 int
 get_fop_attr_thrd_key (dict_t **fop_attr)
 {
-        char     *lease_id       = NULL;
+        char   *existing_leaseid = NULL, *leaseid = NULL;
         int       ret            = 0;
         gf_boolean_t dict_create = _gf_false;
-        lease_id = gf_existing_leaseid ();
-        if (lease_id) {
+        existing_leaseid = gf_existing_leaseid ();
+        if (existing_leaseid) {
+                leaseid = GF_MALLOC (LEASE_ID_SIZE, gf_common_mt_char);
+                GF_CHECK_ALLOC_AND_LOG("gfapi", leaseid, ret,
+                                       "lease id alloc failed", out);
+                memcpy (leaseid, existing_leaseid, LEASE_ID_SIZE);
                 if (*fop_attr == NULL) {
                         *fop_attr = dict_new ();
                         dict_create = _gf_true;
                 }
                 GF_CHECK_ALLOC_AND_LOG("gfapi", *fop_attr, ret, "dict_new failed", out);
-                ret = dict_set_bin (*fop_attr, "lease-id", gf_strdup (lease_id),
+                ret = dict_set_bin (*fop_attr, "lease-id", leaseid,
                                     LEASE_ID_SIZE);
         }
 out:
-        if (ret && dict_create) {
-                if (*fop_attr)
-                        dict_unref (*fop_attr);
-                *fop_attr = NULL;
+        if (ret) {
+                GF_FREE (leaseid);
+                if (dict_create) {
+                        if (*fop_attr)
+                                dict_unref (*fop_attr);
+                        *fop_attr = NULL;
+                }
         }
         return ret;
 }
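Review bot: The new `memcpy (leaseid, existing_leaseid, LEASE_ID_SIZE)` silently assumes that gf_existing_leaseid() always returns a buffer of at least LEASE_ID_SIZE bytes, and nothing in the hunk states that; the bug being fixed was exactly a length assumption on this value (gf_strdup treating opaque bytes as a C string), so the replacement deserves a comment such as `/* lease id is LEASE_ID_SIZE opaque bytes, not a NUL-terminated string: copy by length, never strdup */` above the memcpy. Since the value is binary, typing both pointers as `char *` invites the same mistake again; `uint8_t *`/`void *` would make the intent visible, if the surrounding API allows it. On style, the combined declaration `char   *existing_leaseid = NULL, *leaseid = NULL;` breaks the column-aligned one-per-line layout used by the `int` and `gf_boolean_t` declarations right after it.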
