From 1dd80a2e7762bc72d11a432a1ebd16be181dcb86 Mon Sep 17 00:00:00 2001 From: Santosh Kumar Pradhan Date: Fri, 9 May 2014 15:01:19 +0530 Subject: rpcsvc: Validate RPC procedure number before fetch While accessing the procedures of given RPC program in, rpcsvc_get_program_vector_sizer(), It was not checking boundary conditions which would cause buffer overflow and subsequently SEGV. Make sure rpcsvc_actor_t arrays have numactors number of actors. FIX: Validate the RPC procedure number before fetching the actor. Special Thanks to: Murray Ketchion, Grant Byers Change-Id: I8b5abd406d47fab8fca65b3beb73cdfe8cd85b72 BUG: 1096020 Signed-off-by: Santosh Kumar Pradhan Reviewed-on: http://review.gluster.org/7726 Tested-by: Gluster Build System Reviewed-by: Rajesh Joseph Reviewed-by: Anand Avati --- xlators/mgmt/glusterd/src/glusterd-pmap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'xlators/mgmt/glusterd/src/glusterd-pmap.c') diff --git a/xlators/mgmt/glusterd/src/glusterd-pmap.c b/xlators/mgmt/glusterd/src/glusterd-pmap.c index a153ca1a947..a54a87b1d33 100644 --- a/xlators/mgmt/glusterd/src/glusterd-pmap.c +++ b/xlators/mgmt/glusterd/src/glusterd-pmap.c @@ -473,13 +473,13 @@ gluster_pmap_signout (rpcsvc_request_t *req) return glusterd_big_locked_handler (req, __gluster_pmap_signout); } -rpcsvc_actor_t gluster_pmap_actors[] = { +rpcsvc_actor_t gluster_pmap_actors[GF_PMAP_MAXVALUE] = { [GF_PMAP_NULL] = {"NULL", GF_PMAP_NULL, NULL, NULL, 0, DRC_NA}, [GF_PMAP_PORTBYBRICK] = {"PORTBYBRICK", GF_PMAP_PORTBYBRICK, gluster_pmap_portbybrick, NULL, 0, DRC_NA}, [GF_PMAP_BRICKBYPORT] = {"BRICKBYPORT", GF_PMAP_BRICKBYPORT, gluster_pmap_brickbyport, NULL, 0, DRC_NA}, + [GF_PMAP_SIGNUP] = {"SIGNUP", GF_PMAP_SIGNUP, gluster_pmap_signup, NULL, 0, DRC_NA}, [GF_PMAP_SIGNIN] = {"SIGNIN", GF_PMAP_SIGNIN, gluster_pmap_signin, NULL, 0, DRC_NA}, [GF_PMAP_SIGNOUT] = {"SIGNOUT", GF_PMAP_SIGNOUT, gluster_pmap_signout, NULL, 0, DRC_NA}, - [GF_PMAP_SIGNUP] = {"SIGNUP", GF_PMAP_SIGNUP, gluster_pmap_signup, NULL, 0, DRC_NA}, }; -- cgit