From d3ec5f5a089edb68206b5d4a469358867340d4f7 Mon Sep 17 00:00:00 2001
From: Amar Tumballi <amarts@redhat.com>
Date: Thu, 1 Nov 2018 07:08:29 +0530
Subject: glusterd-handshake: prevent a buffer overflow

as key size in xdr can be anything, it can be bigger than the
'NAME_MAX' allowed in the structure, which can allow for service denial
attacks.

Fixes: CVE-2018-14653

Fixes: bz#1644756
Change-Id: I2dc5e99af27ddf44c12c94b07e51adb8674cce80
Signed-off-by: Amar Tumballi <amarts@redhat.com>
---
 xlators/mgmt/glusterd/src/glusterd-handshake.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/xlators/mgmt/glusterd/src/glusterd-handshake.c b/xlators/mgmt/glusterd/src/glusterd-handshake.c
index d341b4918d2..53b500f4986 100644
--- a/xlators/mgmt/glusterd/src/glusterd-handshake.c
+++ b/xlators/mgmt/glusterd/src/glusterd-handshake.c
@@ -913,6 +913,13 @@ __server_getspec(rpcsvc_request_t *req)
 
     volume = args.key;
 
+    if (strlen(volume) >= (NAME_MAX)) {
+        op_errno = EINVAL;
+        gf_msg(this->name, GF_LOG_ERROR, EINVAL, GD_MSG_NAME_TOO_LONG,
+               "volume name too long (%s)", volume);
+        goto fail;
+    }
+
     /* Need to strip leading '/' from volnames. This was introduced to
      * support nfs style mount parameters for native gluster mount
      */
-- 
cgit