From c962e2cbd73e78f31e690f7b1f8456616006c543 Mon Sep 17 00:00:00 2001
From: Kotresh HR
Date: Fri, 12 Oct 2018 14:25:00 +0530
Subject: glusterd/geo-rep: Fix memory corruption
Problem and Analysis: The length of canonical format of uuid is 36 but 'GF_UUID_BUF_SIZE 50' was being used everywhere. glusterd/geo-rep code was earlier using strncpy, but recently changes to memcpy with the drive to avoid strncpys. This leads to memory corruption and glusterd is crashing without a core with geo-rep creation with ASAN build.
Fix: 'GF_UUID_BUF_SIZE 37' (+ 1 for NULL byte) And change geo-rep to use UUID_CANONICAL_FORM_LEN instead
Updates: bz#1633930
Change-Id: Ibd347d542b92e64a96ce06780cda643557233bc7
Signed-off-by: Kotresh HR
---
 libglusterfs/src/glusterfs.h | 2 +-
 xlators/mgmt/glusterd/src/glusterd-geo-rep.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/libglusterfs/src/glusterfs.h b/libglusterfs/src/glusterfs.h
index 376b7a7c673..1ebe2d8d1cd 100644
--- a/libglusterfs/src/glusterfs.h
+++ b/libglusterfs/src/glusterfs.h
@@ -284,7 +284,7 @@ enum gf_internal_fop_indicator {
 /* GlusterFS's maximum supported Auxiliary GIDs */
 #define GF_MAX_AUX_GROUPS 65535
-#define GF_UUID_BUF_SIZE 50
+#define GF_UUID_BUF_SIZE 37 /* UUID_CANONICAL_FORM_LEN + NULL */
 #define GF_UUID_BNAME_BUF_SIZE (320) /* (64 + 256) */
 #define GF_REBALANCE_TID_KEY "rebalance-id"
diff --git a/xlators/mgmt/glusterd/src/glusterd-geo-rep.c b/xlators/mgmt/glusterd/src/glusterd-geo-rep.c
index dedd243c2dd..1aa38686d6f 100644
--- a/xlators/mgmt/glusterd/src/glusterd-geo-rep.c
+++ b/xlators/mgmt/glusterd/src/glusterd-geo-rep.c
@@ -588,7 +588,7 @@ struct slave_vol_config {
 char old_slvhost[_POSIX_HOST_NAME_MAX + 1];
 char old_slvuser[LOGIN_NAME_MAX];
 unsigned old_slvidx;
- char slave_voluuid[GF_UUID_BUF_SIZE];
+ char slave_voluuid[UUID_CANONICAL_FORM_LEN + 1];
 };
 static int
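Review bot: Shrinking `GF_UUID_BUF_SIZE` from 50 to 37 in libglusterfs/src/glusterfs.h resizes every buffer declared with it, and the commit message says the macro is used everywhere while this patch only touches glusterd-geo-rep.c. Any call site outside this diff that formats more than a bare canonical UUID into such a buffer, or copies into it with a hard-coded length above 37, would now truncate or overrun. Those call sites are not visible here, so they need an audit, ideally backed by an ASAN run of the regression suite. I would also derive the value rather than repeat the literal, `#define GF_UUID_BUF_SIZE (UUID_CANONICAL_FORM_LEN + 1) /* + NUL terminator */`, provided UUID_CANONICAL_FORM_LEN is visible to every includer of this header. The byte being reserved is the NUL terminator, not NULL.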
@@ -1769,7 +1769,7 @@ glusterd_store_slave_in_info(glusterd_volinfo_t *volinfo, char *slave,
 goto out;
 /* Given the slave volume uuid, check and get any existing slave */
- memcpy(slave1.slave_voluuid, slave_voluuid, GF_UUID_BUF_SIZE);
+ memcpy(slave1.slave_voluuid, slave_voluuid, UUID_CANONICAL_FORM_LEN);
 ret = dict_foreach(volinfo->gsync_slaves, _get_slave_idx_slave_voluuid, &slave1);
-- cgit
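Review bot: The new `memcpy(..., UUID_CANONICAL_FORM_LEN)` copies exactly 36 bytes and never writes a terminator, so `slave1.slave_voluuid` is only a valid string if `slave1` was zero-initialised. Its declaration is outside the hunk, so that presumably holds but should be confirmed before `_get_slave_idx_slave_voluuid` treats the field as a string. The call also still reads a fixed 36 bytes from `slave_voluuid` without checking that the source is that long, which looks like the same class of over-read this commit is fixing. A bounded string copy removes both assumptions: `snprintf(slave1.slave_voluuid, sizeof(slave1.slave_voluuid), "%s", slave_voluuid);`. glusterd_store_slave_in_info starts and ends outside the hunk.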