summaryrefslogtreecommitdiffstats
path: root/rpc/rpc-lib/src
diff options
context:
space:
mode:
authorSantosh Kumar Pradhan <spradhan@redhat.com>2014-05-09 15:01:19 +0530
committerAnand Avati <avati@redhat.com>2014-05-17 11:56:01 -0700
commit1dd80a2e7762bc72d11a432a1ebd16be181dcb86 (patch)
tree3eb57d084579d7d294cd2329181b00bda8f1a2a5 /rpc/rpc-lib/src
parentf4944449940ee08d8add767ba81cd5ca8f8611a5 (diff)
rpcsvc: Validate RPC procedure number before fetch
While accessing the procedures of given RPC program in, rpcsvc_get_program_vector_sizer(), It was not checking boundary conditions which would cause buffer overflow and subsequently SEGV. Make sure rpcsvc_actor_t arrays have numactors number of actors. FIX: Validate the RPC procedure number before fetching the actor. Special Thanks to: Murray Ketchion, Grant Byers Change-Id: I8b5abd406d47fab8fca65b3beb73cdfe8cd85b72 BUG: 1096020 Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com> Reviewed-on: http://review.gluster.org/7726 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Rajesh Joseph <rjoseph@redhat.com> Reviewed-by: Anand Avati <avati@redhat.com>
Diffstat (limited to 'rpc/rpc-lib/src')
-rw-r--r--rpc/rpc-lib/src/rpcsvc.c22
1 files changed, 16 insertions, 6 deletions
diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c
index be9f9a861f0..c443a2e6a10 100644
--- a/rpc/rpc-lib/src/rpcsvc.c
+++ b/rpc/rpc-lib/src/rpcsvc.c
@@ -117,6 +117,7 @@ rpcsvc_get_program_vector_sizer (rpcsvc_t *svc, uint32_t prognum,
pthread_mutex_lock (&svc->rpclock);
{
+ /* Find the matching RPC program from registered list */
list_for_each_entry (program, &svc->programs, program) {
if ((program->prognum == prognum)
&& (program->progver == progver)) {
@@ -127,10 +128,20 @@ rpcsvc_get_program_vector_sizer (rpcsvc_t *svc, uint32_t prognum,
}
pthread_mutex_unlock (&svc->rpclock);
- if (found)
+ if (found) {
+ /* Make sure the requested procnum is supported by RPC prog */
+ if ((procnum < 0) || (procnum >= program->numactors)) {
+ gf_log (GF_RPCSVC, GF_LOG_ERROR,
+ "RPC procedure %d not available for Program %s",
+ procnum, program->progname);
+ return NULL;
+ }
+
+ /* SUCCESS: Supported procedure */
return program->actors[procnum].vector_sizer;
- else
- return NULL;
+ }
+
+ return NULL; /* FAIL */
}
gf_boolean_t
@@ -2608,11 +2619,10 @@ out:
}
-rpcsvc_actor_t gluster_dump_actors[] = {
+rpcsvc_actor_t gluster_dump_actors[GF_DUMP_MAXVALUE] = {
[GF_DUMP_NULL] = {"NULL", GF_DUMP_NULL, NULL, NULL, 0, DRC_NA},
[GF_DUMP_DUMP] = {"DUMP", GF_DUMP_DUMP, rpcsvc_dump, NULL, 0, DRC_NA},
[GF_DUMP_PING] = {"PING", GF_DUMP_PING, rpcsvc_ping, NULL, 0, DRC_NA},
- [GF_DUMP_MAXVALUE] = {"MAXVALUE", GF_DUMP_MAXVALUE, NULL, NULL, 0, DRC_NA},
};
@@ -2621,5 +2631,5 @@ struct rpcsvc_program gluster_dump_prog = {
.prognum = GLUSTER_DUMP_PROGRAM,
.progver = GLUSTER_DUMP_VERSION,
.actors = gluster_dump_actors,
- .numactors = sizeof (gluster_dump_actors) / sizeof (gluster_dump_actors[0]) - 1,
+ .numactors = GF_DUMP_MAXVALUE,
};