From d3b1456c52f7dc4f21cdae2855092fda6b96af4a Mon Sep 17 00:00:00 2001
From: Amar Tumballi <amarts@redhat.com>
Date: Tue, 28 Aug 2018 00:01:26 +0530
Subject: clang-scan: fix multiple issues

* Buffer overflow issue in glusterfsd
* Null argument passed to function expecting non-null (event-epoll)
* Make sure the op_ret value is set in macro (posix)

Updates: bz#1622665

Change-Id: I32b378fc40a5e3ee800c0dfbc13335d44c9db9ac
Signed-off-by: Amar Tumballi <amarts@redhat.com>
---
 xlators/protocol/server/src/server-rpc-fops_v2.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'xlators/protocol/server/src/server-rpc-fops_v2.c')

diff --git a/xlators/protocol/server/src/server-rpc-fops_v2.c b/xlators/protocol/server/src/server-rpc-fops_v2.c
index 09d404f2d86..64ca0bbf65b 100644
--- a/xlators/protocol/server/src/server-rpc-fops_v2.c
+++ b/xlators/protocol/server/src/server-rpc-fops_v2.c
@@ -5830,6 +5830,15 @@ server4_compound_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
                         STACK_ERR_XL_NAME (frame->root));
         }
 
+        /* TODO: I assume a single 10MB payload is large, if not, we need to
+           agree to valid payload */
+        if ((args_cbk->fop_length <= 0) ||
+            ((args_cbk->fop_length > (10 * 1024 * 1024)))) {
+                op_ret = -1;
+                op_errno = EINVAL;
+                goto out;
+        }
+
         rsp.compound_rsp_array.compound_rsp_array_val = GF_CALLOC
                                                         (args_cbk->fop_length,
                                                          sizeof (compound_rsp_v2),
-- 
cgit