From 464d0d15328bd54173b367953ba9ee58d697afe5 Mon Sep 17 00:00:00 2001 From: Emmanuel Dreyfus Date: Mon, 27 Apr 2015 06:32:40 +0200 Subject: tier: fix off-by-one overrun in UUID string UUID strings are UUID_CANONICAL_FORM_LEN (36) bytes long plus the trailing nul character that various function (e.g.: uuid_unparse) will add. As a consequence, UUID strings must be declared as UUID_CANONICAL_FORM_LEN+1 long, otherwise we get a off-by-one overrun that corrupts the next variable on stack. BUG: 1129939 Change-Id: I5837ad6ca06fa17cc7ab143eedd02d8099ecca2a Signed-off-by: Emmanuel Dreyfus Reviewed-on: http://review.gluster.org/10394 Tested-by: NetBSD Build System Tested-by: Gluster Build System Reviewed-by: Vijay Bellur
---
 xlators/cluster/dht/src/tier.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xlators/cluster/dht/src/tier.c b/xlators/cluster/dht/src/tier.c
index cbe91c362c8..8180d77787d 100644
--- a/xlators/cluster/dht/src/tier.c
+++ b/xlators/cluster/dht/src/tier.c
@@ -389,7 +389,7 @@ static int tier_gf_query_callback (gfdb_query_record_t *gfdb_query_record, void *_args) { int ret = -1;
- char gfid_str[UUID_CANONICAL_FORM_LEN] = "";
+ char gfid_str[UUID_CANONICAL_FORM_LEN+1] = "";
 query_cbk_args_t *query_cbk_args = _args; GF_VALIDATE_OR_GOTO ("tier", query_cbk_args, out);
-- cgit
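Review bot: The resized declaration `char gfid_str[UUID_CANONICAL_FORM_LEN+1] = "";` in tier_gf_query_callback has no comment explaining the extra byte, so the sizing rule is recorded only in the commit message and a later cleanup could drop it again. I would put `/* +1 for the NUL that uuid_unparse() appends to the 36-character form */` above the declaration and write the bound as `UUID_CANONICAL_FORM_LEN + 1`. The code that fills gfid_str lies outside this hunk, so the writer cannot be checked from here. Any other buffer in the tree still declared with the bare `UUID_CANONICAL_FORM_LEN` and passed to uuid_unparse would have the same one-byte stack overrun, so a tree-wide search for that pattern belongs with this fix.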