From d3b1456c52f7dc4f21cdae2855092fda6b96af4a Mon Sep 17 00:00:00 2001 From: Amar Tumballi Date: Tue, 28 Aug 2018 00:01:26 +0530 Subject: clang-scan: fix multiple issues * Buffer overflow issue in glusterfsd * Null argument passed to function expecting non-null (event-epoll) * Make sure the op_ret value is set in macro (posix) Updates: bz#1622665 Change-Id: I32b378fc40a5e3ee800c0dfbc13335d44c9db9ac Signed-off-by: Amar Tumballi --- xlators/protocol/server/src/server-helpers.c | 2 +- xlators/protocol/server/src/server-rpc-fops.c | 9 +++++++++ xlators/protocol/server/src/server-rpc-fops_v2.c | 9 +++++++++ xlators/protocol/server/src/server.c | 2 +- 4 files changed, 20 insertions(+), 2 deletions(-) (limited to 'xlators/protocol') diff --git a/xlators/protocol/server/src/server-helpers.c b/xlators/protocol/server/src/server-helpers.c index f6fb32ed140..ce2097765b1 100644 --- a/xlators/protocol/server/src/server-helpers.c +++ b/xlators/protocol/server/src/server-helpers.c @@ -331,7 +331,7 @@ server_connection_cleanup (xlator_t *this, client_t *client, int cd_ret = 0; int ret = 0; - GF_VALIDATE_OR_GOTO (this->name, this, out); + GF_VALIDATE_OR_GOTO ("server", this, out); GF_VALIDATE_OR_GOTO (this->name, client, out); GF_VALIDATE_OR_GOTO (this->name, flags, out); diff --git a/xlators/protocol/server/src/server-rpc-fops.c b/xlators/protocol/server/src/server-rpc-fops.c index 915e166223c..c5015befa7e 100644 --- a/xlators/protocol/server/src/server-rpc-fops.c +++ b/xlators/protocol/server/src/server-rpc-fops.c @@ -2201,6 +2201,15 @@ server_compound_cbk (call_frame_t *frame, void *cookie, xlator_t *this, STACK_ERR_XL_NAME (frame->root)); } + /* TODO: I assume a single 10MB payload is large, if not, we need to + agree to valid payload */ + if ((args_cbk->fop_length <= 0) || + ((args_cbk->fop_length > (10 * 1024 * 1024)))) { + op_ret = -1; + op_errno = EINVAL; + goto out; + } + rsp.compound_rsp_array.compound_rsp_array_val = GF_CALLOC (args_cbk->fop_length, sizeof (compound_rsp), diff --git a/xlators/protocol/server/src/server-rpc-fops_v2.c b/xlators/protocol/server/src/server-rpc-fops_v2.c index 09d404f2d86..64ca0bbf65b 100644 --- a/xlators/protocol/server/src/server-rpc-fops_v2.c +++ b/xlators/protocol/server/src/server-rpc-fops_v2.c @@ -5830,6 +5830,15 @@ server4_compound_cbk (call_frame_t *frame, void *cookie, xlator_t *this, STACK_ERR_XL_NAME (frame->root)); } + /* TODO: I assume a single 10MB payload is large, if not, we need to + agree to valid payload */ + if ((args_cbk->fop_length <= 0) || + ((args_cbk->fop_length > (10 * 1024 * 1024)))) { + op_ret = -1; + op_errno = EINVAL; + goto out; + } + rsp.compound_rsp_array.compound_rsp_array_val = GF_CALLOC (args_cbk->fop_length, sizeof (compound_rsp_v2), diff --git a/xlators/protocol/server/src/server.c b/xlators/protocol/server/src/server.c index 4cf4b4aeac1..c95a541cbc2 100644 --- a/xlators/protocol/server/src/server.c +++ b/xlators/protocol/server/src/server.c @@ -187,7 +187,7 @@ server_priv_to_dict (xlator_t *this, dict_t *dict, char *brickname) pthread_mutex_lock (&conf->mutex); { list_for_each_entry (xprt, &conf->xprt_list, list) { - if ((xprt) && (xprt->xl_private) && + if ((xprt->xl_private) && (xprt->xl_private->bound_xl) && (xprt->xl_private->bound_xl->name) && (brickname) && (!strcmp (brickname, -- cgit