diff options
author | Kotresh HR <khiremat@redhat.com> | 2017-06-20 06:26:18 -0400 |
---|---|---|
committer | Raghavendra Talur <rtalur@redhat.com> | 2017-06-30 11:45:49 +0000 |
commit | 70be0c14760ce1581515151254d65899ad616324 (patch) | |
tree | 501f5b961bfb3f058bb7fe5b7c0909af43d9049b /xlators/features | |
parent | 5ad6e1e07f5304deb022ebd54dbbdac6f9c651fb (diff) |
feature/changelog: Fix buffer overflow crash
The buffer used to hold the basename was hard coded
to the size of NAME_MAX(255). It might lead to buffer
overflow crashes when the basename which is sent
is more than NAME_MAX length. Fixed the same.
> Change-Id: I6c1cad3ccaeb8c55549b1d3c5f96a198f65ba2b7
> BUG: 1463178
> Signed-off-by: Kotresh HR <khiremat@redhat.com>
> Reviewed-on: https://review.gluster.org/17579
> CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
> Smoke: Gluster Build System <jenkins@build.gluster.org>
> Reviewed-by: jiffin tony Thottan <jthottan@redhat.com>
(cherry picked from commit b224f4253b7d3de3077ee35c8bdc20618eae4b7c)
Change-Id: I6c1cad3ccaeb8c55549b1d3c5f96a198f65ba2b7
BUG: 1463623
Signed-off-by: Kotresh HR <khiremat@redhat.com>
Reviewed-on: https://review.gluster.org/17592
Smoke: Gluster Build System <jenkins@build.gluster.org>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Zhou Zhengping <johnzzpcrystal@gmail.com>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Raghavendra Talur <rtalur@redhat.com>
Diffstat (limited to 'xlators/features')
-rw-r--r-- | xlators/features/changelog/src/changelog.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/xlators/features/changelog/src/changelog.c b/xlators/features/changelog/src/changelog.c index a8bd6bde34b..8112d42d316 100644 --- a/xlators/features/changelog/src/changelog.c +++ b/xlators/features/changelog/src/changelog.c @@ -221,8 +221,8 @@ changelog_unlink (call_frame_t *frame, xlator_t *this, gf_boolean_t barrier_enabled = _gf_false; dht_changelog_rename_info_t *info = NULL; int ret = 0; - char old_name[NAME_MAX] = {0}; - char new_name[NAME_MAX] = {0}; + char *old_name = NULL; + char *new_name = NULL; char *nname = NULL; INIT_LIST_HEAD (&queue); @@ -233,6 +233,8 @@ changelog_unlink (call_frame_t *frame, xlator_t *this, ret = dict_get_bin (xdata, DHT_CHANGELOG_RENAME_OP_KEY, (void **)&info); if (!ret) { /* special case: unlink considered as rename */ /* 3 == fop + oldloc + newloc */ + old_name = alloca (info->oldname_len); + new_name = alloca (info->newname_len); CHANGELOG_INIT_NOCHECK (this, frame->local, NULL, loc->inode->gfid, 3); |