fuse: correctly handle setxattr values

The setxattr function receives a pointer to raw data, which may not be
null-terminated. When this data needs to be interpreted as a string, an
explicit null termination needs to be added before using the value.

Change-Id: Id110f9b215b22786da5782adec9449ce38d0d563
updates: bz#1193929
Signed-off-by: Xavi Hernandez <xhernandez@redhat.com>

3 files changed, 42 insertions, 8 deletions

diff --git a/libglusterfs/src/glusterfs/xlator.h b/libglusterfs/src/glusterfs/xlator.h
index 7002657d0bc..acd8be0913a 100644
--- a/libglusterfs/src/glusterfs/xlator.h
+++ b/libglusterfs/src/glusterfs/xlator.h
@@ -1036,7 +1036,7 @@ loc_is_nameless(loc_t *loc);
 int
 xlator_mem_acct_init(xlator_t *xl, int num_types);
 int
-is_gf_log_command(xlator_t *trans, const char *name, char *value);
+is_gf_log_command(xlator_t *trans, const char *name, char *value, size_t size);
 int
 glusterd_check_log_level(const char *value);
 int
diff --git a/libglusterfs/src/xlator.c b/libglusterfs/src/xlator.c
index dc1e88770fb..9bdbc569ab4 100644
--- a/libglusterfs/src/xlator.c
+++ b/libglusterfs/src/xlator.c
@@ -1271,8 +1271,21 @@ xlator_destroy(xlator_t *xl)
     return 0;
 }
 
+static int32_t
+gf_bin_to_string(char *dst, size_t size, void *src, size_t len)
+{
+    if (len >= size) {
+        return EINVAL;
+    }
+
+    memcpy(dst, src, len);
+    dst[len] = 0;
+
+    return 0;
+}
+
 int
-is_gf_log_command(xlator_t *this, const char *name, char *value)
+is_gf_log_command(xlator_t *this, const char *name, char *value, size_t size)
 {
     xlator_t *trav = NULL;
     char key[1024] = {
@@ -1284,7 +1297,11 @@ is_gf_log_command(xlator_t *this, const char *name, char *value)
     glusterfs_ctx_t *ctx = NULL;
 
     if (!strcmp("trusted.glusterfs.syslog", name)) {
-        ret = gf_string2boolean(value, &syslog_flag);
+        ret = gf_bin_to_string(key, sizeof(key), value, size);
+        if (ret != 0) {
+            goto out;
+        }
+        ret = gf_string2boolean(key, &syslog_flag);
         if (ret) {
             ret = EOPNOTSUPP;
             goto out;
@@ -1300,7 +1317,12 @@ is_gf_log_command(xlator_t *this, const char *name, char *value)
     if (fnmatch("trusted.glusterfs*set-log-level", name, FNM_NOESCAPE))
         goto out;
 
-    log_level = glusterd_check_log_level(value);
+    ret = gf_bin_to_string(key, sizeof(key), value, size);
+    if (ret != 0) {
+        goto out;
+    }
+
+    log_level = glusterd_check_log_level(key);
     if (log_level == -1) {
         ret = EOPNOTSUPP;
         goto out;
diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
index c3945d7a13c..3479d40ceeb 100644
--- a/xlators/mount/fuse/src/fuse-bridge.c
+++ b/xlators/mount/fuse/src/fuse-bridge.c
@@ -3989,7 +3989,7 @@ fuse_setxattr(xlator_t *this, fuse_in_header_t *finh, void *msg,
 
     /* Check if the command is for changing the log
        level of process or specific xlator */
-    ret = is_gf_log_command(this, name, value);
+    ret = is_gf_log_command(this, name, value, fsi->size);
     if (ret >= 0) {
         op_errno = ret;
         goto done;
@@ -4034,11 +4034,23 @@ fuse_setxattr(xlator_t *this, fuse_in_header_t *finh, void *msg,
          * fixups to make sure that's the case.  To avoid nasty
          * surprises, allocate an extra byte and add a NUL here.
          */
-        dict_value = memdup(value, fsi->size + 1);
+        dict_value = GF_MALLOC(fsi->size + 1, gf_common_mt_char);
+        if (dict_value == NULL) {
+            gf_log("glusterfs-fuse", GF_LOG_ERROR,
+                   "%" PRIu64 ": SETXATTR value allocation failed",
+                   finh->unique);
+            op_errno = ENOMEM;
+            goto done;
+        }
+        memcpy(dict_value, value, fsi->size);
         dict_value[fsi->size] = '\0';
     }
-    dict_set(state->xattr, newkey,
-             data_from_dynptr((void *)dict_value, fsi->size));
+    ret = dict_set_dynptr(state->xattr, newkey, dict_value, fsi->size);
+    if (ret < 0) {
+        op_errno = -ret;
+        GF_FREE(dict_value);
+        goto done;
+    }
 
     state->flags = fsi->flags;
     state->name = newkey;