From 1a40438f210ecab26a8fa1e3ca8fce01cf0623dc Mon Sep 17 00:00:00 2001
From: Venkatesh Somyajulu <vsomyaju@redhat.com>
Date: Wed, 3 Apr 2013 17:31:57 +0530
Subject: dict: Put "goto out" in dict_unserialize to avoid process crash

Problem:
In the dictionary serialization function, if the
[(buf + vallen) > (orig_buf + size)], then memdup is getting failed.

Fix:
Put "goto out" whenever this condition is met.

Change-Id: I8c07dd5187364ccd6ad7625e2e3907d8b56447a9
BUG: 947824
Signed-off-by: Venkatesh Somyajulu <vsomyaju@redhat.com>
Reviewed-on: http://review.gluster.org/4771
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
---
 libglusterfs/src/dict.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'libglusterfs')

diff --git a/libglusterfs/src/dict.c b/libglusterfs/src/dict.c
index 72dd7e7aada..b017f87e5e8 100644
--- a/libglusterfs/src/dict.c
+++ b/libglusterfs/src/dict.c
@@ -2576,6 +2576,7 @@ dict_unserialize (char *orig_buf, int32_t size, dict_t **fill)
                                           "available (%lu) < required (%lu)",
                                           (long)(orig_buf + size),
                                           (long)(buf + vallen));
+                        goto out;
                 }
                 value = get_new_data ();
                 value->len  = vallen;
-- 
cgit