From d64fdf867fef36422ab84f2918f5d925597bc7d4 Mon Sep 17 00:00:00 2001 From: Harpreet Kaur Date: Fri, 14 Dec 2018 13:12:26 +0530 Subject: posix: stack-buffer-overflow reported by asan This patch fixes buffer overflow in $SRC/xlators/storage/posix/src/posix-inode-fd-ops.c Memory access at offset 432 overflows "md5_checksum" variable. SUMMARY: AddressSanitizer: stack-buffer-overflow (/lib64/libasan.so.5+0xb825a) updates: bz#1633930 Change-Id: I46010a09161d02cdf0c69679a334ec1d3d49cffb Signed-off-by: Harpreet Kaur --- xlators/protocol/server/src/server-common.c | 3 ++- xlators/storage/posix/src/posix-inode-fd-ops.c | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/xlators/protocol/server/src/server-common.c b/xlators/protocol/server/src/server-common.c index 0639ac3feb3..ce7f264dd80 100644 --- a/xlators/protocol/server/src/server-common.c +++ b/xlators/protocol/server/src/server-common.c @@ -656,7 +656,8 @@ server4_post_rchecksum(gfx_rchecksum_rsp *rsp, uint32_t weak_checksum, uint8_t *strong_checksum) { rsp->weak_checksum = weak_checksum; - + /* When the length encoding changes, update the change + in posix code also. */ rsp->strong_checksum.strong_checksum_val = (char *)strong_checksum; rsp->strong_checksum.strong_checksum_len = SHA256_DIGEST_LENGTH; rsp->flags = 1; /* Indicates SHA256 TYPE */ diff --git a/xlators/storage/posix/src/posix-inode-fd-ops.c b/xlators/storage/posix/src/posix-inode-fd-ops.c index d2324823592..9867d5fac69 100644 --- a/xlators/storage/posix/src/posix-inode-fd-ops.c +++ b/xlators/storage/posix/src/posix-inode-fd-ops.c @@ -5571,7 +5571,9 @@ posix_rchecksum(call_frame_t *frame, xlator_t *this, fd_t *fd, off_t offset, ssize_t bytes_read = 0; int32_t weak_checksum = 0; int32_t zerofillcheck = 0; - unsigned char md5_checksum[MD5_DIGEST_LENGTH] = {0}; + /* Protocol version 4 uses 32 bytes i.e SHA256_DIGEST_LENGTH, + so this is used. */ + unsigned char md5_checksum[SHA256_DIGEST_LENGTH] = {0}; unsigned char strong_checksum[SHA256_DIGEST_LENGTH] = {0}; unsigned char *checksum = NULL; struct posix_private *priv = NULL; -- cgit