diff options
| author | Santosh Kumar Pradhan <spradhan@redhat.com> | 2014-05-09 15:01:19 +0530 |
|---|---|---|
| committer | Anand Avati <avati@redhat.com> | 2014-05-17 11:56:01 -0700 |
| commit | 1dd80a2e7762bc72d11a432a1ebd16be181dcb86 (patch) | |
| tree | 3eb57d084579d7d294cd2329181b00bda8f1a2a5 /xlators/protocol | |
| parent | f4944449940ee08d8add767ba81cd5ca8f8611a5 (diff) | |
rpcsvc: Validate RPC procedure number before fetch
While accessing the procedures of given RPC program in,
rpcsvc_get_program_vector_sizer(), It was not checking boundary
conditions which would cause buffer overflow and subsequently SEGV.
Make sure rpcsvc_actor_t arrays have numactors number of actors.
FIX:
Validate the RPC procedure number before fetching the actor.
Special Thanks to: Murray Ketchion, Grant Byers
Change-Id: I8b5abd406d47fab8fca65b3beb73cdfe8cd85b72
BUG: 1096020
Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com>
Reviewed-on: http://review.gluster.org/7726
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Anand Avati <avati@redhat.com>
Diffstat (limited to 'xlators/protocol')
| -rw-r--r-- | xlators/protocol/client/src/client-callback.c | 2 | ||||
| -rw-r--r-- | xlators/protocol/server/src/server-handshake.c | 2 | ||||
| -rw-r--r-- | xlators/protocol/server/src/server-rpc-fops.c | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/xlators/protocol/client/src/client-callback.c b/xlators/protocol/client/src/client-callback.c index d886862f776..b2707cb395b 100644 --- a/xlators/protocol/client/src/client-callback.c +++ b/xlators/protocol/client/src/client-callback.c @@ -40,7 +40,7 @@ client_cbk_ino_flush (struct rpc_clnt *rpc, void *mydata, void *data) return 0; } -rpcclnt_cb_actor_t gluster_cbk_actors[] = { +rpcclnt_cb_actor_t gluster_cbk_actors[GF_CBK_MAXVALUE] = { [GF_CBK_NULL] = {"NULL", GF_CBK_NULL, client_cbk_null }, [GF_CBK_FETCHSPEC] = {"FETCHSPEC", GF_CBK_FETCHSPEC, client_cbk_fetchspec }, [GF_CBK_INO_FLUSH] = {"INO_FLUSH", GF_CBK_INO_FLUSH, client_cbk_ino_flush }, diff --git a/xlators/protocol/server/src/server-handshake.c b/xlators/protocol/server/src/server-handshake.c index f3ae96ef2ae..6b1a39936f4 100644 --- a/xlators/protocol/server/src/server-handshake.c +++ b/xlators/protocol/server/src/server-handshake.c @@ -766,7 +766,7 @@ fail: return 0; } -rpcsvc_actor_t gluster_handshake_actors[] = { +rpcsvc_actor_t gluster_handshake_actors[GF_HNDSK_MAXVALUE] = { [GF_HNDSK_NULL] = {"NULL", GF_HNDSK_NULL, server_null, NULL, 0, DRC_NA}, [GF_HNDSK_SETVOLUME] = {"SETVOLUME", GF_HNDSK_SETVOLUME, server_setvolume, NULL, 0, DRC_NA}, [GF_HNDSK_GETSPEC] = {"GETSPEC", GF_HNDSK_GETSPEC, server_getspec, NULL, 0, DRC_NA}, diff --git a/xlators/protocol/server/src/server-rpc-fops.c b/xlators/protocol/server/src/server-rpc-fops.c index ee0d6b438c9..c77748d69f1 100644 --- a/xlators/protocol/server/src/server-rpc-fops.c +++ b/xlators/protocol/server/src/server-rpc-fops.c @@ -6136,7 +6136,7 @@ out: } -rpcsvc_actor_t glusterfs3_3_fop_actors[] = { +rpcsvc_actor_t glusterfs3_3_fop_actors[GLUSTER_FOP_PROCCNT] = { [GFS3_OP_NULL] = {"NULL", GFS3_OP_NULL, server_null, NULL, 0, DRC_NA}, [GFS3_OP_STAT] = {"STAT", GFS3_OP_STAT, server3_3_stat, NULL, 0, DRC_NA}, [GFS3_OP_READLINK] = {"READLINK", GFS3_OP_READLINK, server3_3_readlink, NULL, 0, DRC_NA}, |