From 5070aa3973066ba7347b14b4b993dcde11e08165 Mon Sep 17 00:00:00 2001 From: Krutika Dhananjay Date: Mon, 30 Jul 2012 22:31:31 +0530 Subject: protocol/client: Fix negative return in client_setvolume PROBLEM: The function dict_serialized_length could, owing to an error, return a negative integer (-EINVAL) that gets assigned to an unsigned int member 'dict_len' of gf_setvolume_req structure. FIX: Hold the value returned by dict_serialized_length in local variable ret (which is a signed int). Test if ret is negative, in which case the control would anyway branch to the label fail where the function returns. Otherwise dict_len is assigned with ret, in turn giving a more meaningful value to the attribute length. TEST: Attached gdb to glusterfs mount process, set breakpoint at client_setvolume, forced dict_serialized_length to return -EINVAL (indirectly by forcing _dict_serialized_length to return -EINVAL after setting count to -1 within its body) and checked the value of ret (which is now sure to contain a negative value) whose value will be appropriately tested to decide the next course of action within client_setvolume: whether to simply exit due to an error or execute the subsequent statements. Change-Id: Ib22ad8f30d8ae04acaf2ff5bfee9c348a2c47148 BUG: 789278 Signed-off-by: Krutika Dhananjay Reviewed-on: http://review.gluster.com/3755 Tested-by: Gluster Build System Reviewed-by: Anand Avati --- xlators/protocol/client/src/client-handshake.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'xlators/protocol/client/src') diff --git a/xlators/protocol/client/src/client-handshake.c b/xlators/protocol/client/src/client-handshake.c index 3242cf0aeb6..5c4816ee20a 100644 --- a/xlators/protocol/client/src/client-handshake.c +++ b/xlators/protocol/client/src/client-handshake.c @@ -1554,13 +1554,14 @@ client_setvolume (xlator_t *this, struct rpc_clnt *rpc) client_get_lk_ver (conf)); } - req.dict.dict_len = dict_serialized_length (options); - if (req.dict.dict_len < 0) { + ret = dict_serialized_length (options); + if (ret < 0) { gf_log (this->name, GF_LOG_ERROR, "failed to get serialized length of dict"); ret = -1; goto fail; } + req.dict.dict_len = ret; req.dict.dict_val = GF_CALLOC (1, req.dict.dict_len, gf_client_mt_clnt_req_buf_t); ret = dict_serialize (options, req.dict.dict_val); -- cgit