authorDmitry Antipov <dmantipov@yandex.ru>2019-12-26 15:25:35 +0300
committerAmar Tumballi <amarts@gmail.com>2019-12-27 16:59:42 +0000
commit7656aec3b9ef60592c8cf251dfb5cdb6088cd328 (patch)
treef746427618b260c3ad759437cc1bb62395019463 /xlators/mount/fuse/src
parentf5aafeffed3a5363ff200e9300dec5855f680d9c (diff)
Avoid buffer overwrite due to uuid_utoa() misuse
Code like: f(..., uuid_utoa(x), uuid_utoa(y)); is not valid (causes undefined behaviour) because uuid_utoa() uses a single static thread-local buffer, which is overwritten by the subsequent call. All such cases should be converted to use uuid_utoa_r() with an explicitly specified buffer. Change-Id: I5e72bab806d96a9dd1707c28ed69ca033b9c8d6c Updates: bz#1193929 Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Diffstat (limited to 'xlators/mount/fuse/src')
-rw-r--r--xlators/mount/fuse/src/fuse-bridge.c36
1 files changed, 22 insertions, 14 deletions
diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
index 5bfaf2c2ac1..b41a0fcfa22 100644
--- a/xlators/mount/fuse/src/fuse-bridge.c
+++ b/xlators/mount/fuse/src/fuse-bridge.c
@@ -2354,21 +2354,26 @@ fuse_rename_cbk(call_frame_t *frame, void *cookie, xlator_t *this,
{
fuse_state_t *state = NULL;
fuse_in_header_t *finh = NULL;
+ char loc_uuid_str[64] = {0}, loc2_uuid_str[64] = {0};
state = frame->root->state;
finh = state->finh;
- fuse_log_eh(this,
- "op_ret: %d, op_errno: %d, %" PRIu64
- ": %s() "
- "path: %s parent: %s ==> path: %s parent: %s"
- "gfid: %s",
- op_ret, op_errno, frame->root->unique,
- gf_fop_list[frame->root->op], state->loc.path,
- state->loc.parent ? uuid_utoa(state->loc.parent->gfid) : "",
- state->loc2.path,
- state->loc2.parent ? uuid_utoa(state->loc2.parent->gfid) : "",
- state->loc.inode ? uuid_utoa(state->loc.inode->gfid) : "");
+ fuse_log_eh(
+ this,
+ "op_ret: %d, op_errno: %d, %" PRIu64
+ ": %s() "
+ "path: %s parent: %s ==> path: %s parent: %s"
+ "gfid: %s",
+ op_ret, op_errno, frame->root->unique, gf_fop_list[frame->root->op],
+ state->loc.path,
+ (state->loc.parent ? uuid_utoa_r(state->loc.parent->gfid, loc_uuid_str)
+ : ""),
+ state->loc2.path,
+ (state->loc2.parent
+ ? uuid_utoa_r(state->loc2.parent->gfid, loc2_uuid_str)
+ : ""),
+ state->loc.inode ? uuid_utoa(state->loc.inode->gfid) : "");
/* need to check for loc->parent to keep clang-scan happy.
It gets dereferenced below, and is checked for NULL above. */
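Review bot: The last argument of the new fuse_log_eh() call still formats `state->loc.inode->gfid` with `uuid_utoa()`, so this one call now mixes the shared thread-local buffer with the two caller-owned ones. That is correct today only because it is the sole remaining `uuid_utoa()` in the argument list; a later edit that adds another one brings back the overwrite this commit removes. I would add a third local, `char gfid_str[64] = {0};`, and pass `uuid_utoa_r(state->loc.inode->gfid, gfid_str)` so every UUID in the call has its own storage. Separately, the format string concatenates `"... parent: %s"` directly with `"gfid: %s"`, so the second parent UUID and the `gfid:` label run together in the event-history line; a leading space in `" gfid: %s"` would fix that. The body of fuse_rename_cbk continues outside this hunk.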
@@ -3101,15 +3106,18 @@ fuse_copy_file_range_cbk(call_frame_t *frame, void *cookie, xlator_t *this,
void
fuse_copy_file_range_resume(fuse_state_t *state)
{
+ char fd_uuid_str[64] = {0}, fd_dst_uuid_str[64] = {0};
+
gf_log("glusterfs-fuse", GF_LOG_TRACE,
"%" PRIu64
": COPY_FILE_RANGE "
"(input fd: %p (gfid: %s), "
"output fd: %p (gfid: %s) size=%zu, "
"offset_in=%" PRIu64 ", offset_out=%" PRIu64 ")",
- state->finh->unique, state->fd, uuid_utoa(state->fd->inode->gfid),
- state->fd_dst, uuid_utoa(state->fd_dst->inode->gfid), state->size,
- state->off_in, state->off_out);
+ state->finh->unique, state->fd,
+ uuid_utoa_r(state->fd->inode->gfid, fd_uuid_str), state->fd_dst,
+ uuid_utoa_r(state->fd_dst->inode->gfid, fd_dst_uuid_str),
+ state->size, state->off_in, state->off_out);
FUSE_FOP(state, fuse_copy_file_range_cbk, GF_FOP_COPY_FILE_RANGE,
copy_file_range, state->fd, state->off_in, state->fd_dst,
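Review bot: The gf_log() call dereferences `state->fd->inode` and `state->fd_dst->inode` unconditionally, whereas the fuse_rename_cbk hunk guards each pointer before formatting its gfid. Whether either fd can be NULL or unresolved when this resume function runs is not visible from the hunk, so this is worth confirming against the resolver path or documenting with a comment such as `/* both fds are resolved before resume is called */`. As a style point that applies to both hunks, the buffers are sized with a bare `64`. A canonical UUID string needs 37 bytes including the terminator, so the size is sufficient assuming uuid_utoa_r() writes only that form, but a named constant would tie the declarations to that contract. The FUSE_FOP() call continues past the end of the hunk.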