From 0bfadb56d0ce0ffaa410eccb2a9d9eaaf6f3ab7c Mon Sep 17 00:00:00 2001 From: Amar Tumballi Date: Wed, 11 Apr 2012 14:40:44 +0530 Subject: protocol/server: validate connection object before dereferencing in 'release()' and 'releasedir()' fops the check for 'connection object' was not done before dereferencing it. the check was in place for all other fops. handling the missing cases now. also removed some warnings related to 'set-but-unused' Change-Id: I47b95318e8f2f28233179be509ce090b2fb7276d Signed-off-by: Amar Tumballi BUG: 801411 Reviewed-on: http://review.gluster.com/3125 Tested-by: Gluster Build System Reviewed-by: Anand Avati --- xlators/protocol/server/src/server3_1-fops.c | 29 ++++++++++------------------ 1 file changed, 10 insertions(+), 19 deletions(-) (limited to 'xlators') diff --git a/xlators/protocol/server/src/server3_1-fops.c b/xlators/protocol/server/src/server3_1-fops.c index 6ce0b27afc4..7c64b5f9f5c 100644 --- a/xlators/protocol/server/src/server3_1-fops.c +++ b/xlators/protocol/server/src/server3_1-fops.c @@ -3437,6 +3437,10 @@ server_release (rpcsvc_request_t *req) } conn = req->trans->xl_private; + if (!conn) { + req->rpc_err = GARBAGE_ARGS; + goto out; + } gf_fd_put (conn->fdtable, args.fd); server_submit_reply (NULL, req, &rsp, NULL, 0, NULL, @@ -3462,6 +3466,11 @@ server_releasedir (rpcsvc_request_t *req) } conn = req->trans->xl_private; + if (!conn) { + req->rpc_err = GARBAGE_ARGS; + goto out; + } + gf_fd_put (conn->fdtable, args.fd); server_submit_reply (NULL, req, &rsp, NULL, 0, NULL, @@ -3818,7 +3827,6 @@ server_setxattr (rpcsvc_request_t *req) server_state_t *state = NULL; dict_t *dict = NULL; call_frame_t *frame = NULL; - server_connection_t *conn = NULL; gfs3_setxattr_req args = {{0,},}; int32_t ret = -1; int32_t op_errno = 0; 
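Review bot: The new `if (!conn)` guard in server_release reports a missing connection object as `GARBAGE_ARGS`, the same code this file uses for an XDR decode failure (visible in the server_lk hunk), so neither the client nor the logs can tell the two conditions apart. The identical guard in server_releasedir has the same problem. A NULL `xl_private` presumably means the transport has not finished its handshake, which is a server-side state problem rather than malformed arguments. I would use `req->rpc_err = SYSTEM_ERR;` with a comment such as `/* no connection object: handshake not complete */`, and add a `gf_log` line on this path so requests arriving before setup are visible to operators. Both function bodies start and end outside their hunks, and whether `gf_fd_put` range-checks the request-supplied `args.fd` is not visible here.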
@@ -3826,8 +3834,6 @@ server_setxattr (rpcsvc_request_t *req) if (!req) return ret; - conn = req->trans->xl_private; - args.dict.dict_val = alloca (req->msg[0].iov_len); if (!xdr_to_generic (req->msg[0], &args, (xdrproc_t)xdr_gfs3_setxattr_req)) { @@ -3894,7 +3900,6 @@ server_fsetxattr (rpcsvc_request_t *req) { server_state_t *state = NULL; dict_t *dict = NULL; - server_connection_t *conn = NULL; call_frame_t *frame = NULL; gfs3_fsetxattr_req args = {{0,},}; int32_t ret = -1; @@ -3903,8 +3908,6 @@ server_fsetxattr (rpcsvc_request_t *req) if (!req) return ret; - conn = req->trans->xl_private; - args.dict.dict_val = alloca (req->msg[0].iov_len); if (!xdr_to_generic (req->msg[0], &args, (xdrproc_t)xdr_gfs3_fsetxattr_req)) { //failed to decode msg; @@ -3968,7 +3971,6 @@ server_fxattrop (rpcsvc_request_t *req) { dict_t *dict = NULL; server_state_t *state = NULL; - server_connection_t *conn = NULL; call_frame_t *frame = NULL; gfs3_fxattrop_req args = {{0,},}; int32_t ret = -1; @@ -3977,8 +3979,6 @@ server_fxattrop (rpcsvc_request_t *req) if (!req) return ret; - conn = req->trans->xl_private; - args.dict.dict_val = alloca (req->msg[0].iov_len); if (!xdr_to_generic (req->msg[0], &args, (xdrproc_t)xdr_gfs3_fxattrop_req)) { //failed to decode msg; @@ -4043,7 +4043,6 @@ server_xattrop (rpcsvc_request_t *req) { dict_t *dict = NULL; server_state_t *state = NULL; - server_connection_t *conn = NULL; call_frame_t *frame = NULL; gfs3_xattrop_req args = {{0,},}; int32_t ret = -1; @@ -4052,8 +4051,6 @@ server_xattrop (rpcsvc_request_t *req) if (!req) return ret; - conn = req->trans->xl_private; - args.dict.dict_val = alloca (req->msg[0].iov_len); if (!xdr_to_generic (req->msg[0], &args, (xdrproc_t)xdr_gfs3_xattrop_req)) { @@ -5325,7 +5322,6 @@ int server_lk (rpcsvc_request_t *req) { server_state_t *state = NULL; - server_connection_t *conn = NULL; call_frame_t *frame = NULL; gfs3_lk_req args = {{0,},}; int ret = -1; 
@@ -5334,8 +5330,6 @@ server_lk (rpcsvc_request_t *req) if (!req) return ret; - conn = req->trans->xl_private; - if (!xdr_to_generic (req->msg[0], &args, (xdrproc_t)xdr_gfs3_lk_req)) { //failed to decode msg; req->rpc_err = GARBAGE_ARGS; @@ -5401,7 +5395,7 @@ server_lk (rpcsvc_request_t *req) state->flock.l_type = F_UNLCK; break; default: - gf_log (conn->bound_xl->name, GF_LOG_ERROR, + gf_log (state->conn->bound_xl->name, GF_LOG_ERROR, "fd - %"PRId64" (%s): Unknown lock type: %"PRId32"!", state->resolve.fd_no, uuid_utoa (state->fd->inode->gfid), state->type); @@ -5500,7 +5494,6 @@ int server_lookup (rpcsvc_request_t *req) { call_frame_t *frame = NULL; - server_connection_t *conn = NULL; server_state_t *state = NULL; gfs3_lookup_req args = {{0,},}; int ret = -1; @@ -5508,8 +5501,6 @@ server_lookup (rpcsvc_request_t *req) GF_VALIDATE_OR_GOTO ("server", req, err); - conn = req->trans->xl_private; - args.bname = alloca (req->msg[0].iov_len); args.xdata.xdata_val = alloca (req->msg[0].iov_len); -- cgit
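Review bot: The rewritten `gf_log` call in the default branch of server_lk's lock-type switch dereferences `state->conn->bound_xl` and also `state->fd->inode`, and neither chain is checked inside this hunk. This branch is taken when the lock type is not one the server recognises, so it runs on request-controlled input, and a NULL in either chain would turn a malformed request into a crash of the server process. If `state->fd` is only populated by a later resolve step (not visible here, to be confirmed), I would drop the gfid argument and log only the numeric fields: `"fd - %"PRId64": Unknown lock type: %"PRId32"!", state->resolve.fd_no, state->type);`. The function starts and ends outside the hunk, so an earlier `bound_xl` check may already exist.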