From 4c68b2f81441a28292602957abc4eaaa7c11b518 Mon Sep 17 00:00:00 2001 
From: Pranith Kumar K
Date: Tue, 6 Jun 2017 14:58:36 +0530
Subject: Fix heap-buffer-overflow

This is the asan trace:
==26769==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000007b60 at pc 0x7ffff6e9429b bp 0x7ffff1afd800 sp 0x7ffff1afcfa8
WRITE of size 2 at 0x602000007b60 thread T1
#0 0x7ffff6e9429a (/lib64/libasan.so.3+0x5f29a)
#1 0x406b64 in removeDuplicateSubstr /root/gluster-block/rpc/block_svc_routines.c:147
#2 0x41ad4c in blockCreateCliFormatResponse /root/gluster-block/rpc/block_svc_routines.c:1570
#3 0x41ff91 in block_create_cli_1_svc /root/gluster-block/rpc/block_svc_routines.c:1826
#4 0x405e63 in gluster_block_cli_1 /root/gluster-block/rpc/rpcl/block_svc.c:132
#5 0x7ffff57d62a0 in svc_getreq_common (/lib64/libc.so.6+0x13a2a0)
#6 0x7ffff57d63e6 in svc_getreq_poll (/lib64/libc.so.6+0x13a3e6)
#7 0x7ffff57d9d00 in svc_run (/lib64/libc.so.6+0x13dd00)
#8 0x403c61 in glusterBlockCliThreadProc /root/gluster-block/daemon/gluster-blockd.c:130
#9 0x7ffff6c1e6c9 in start_thread (/lib64/libpthread.so.0+0x76c9)
#10 0x7ffff57a3f6e in clone (/lib64/libc.so.6+0x107f6e)

0x602000007b60 is located 0 bytes to the right of 16-byte region [0x602000007b50,0x602000007b60)
allocated by thread T1 here:
#0 0x7ffff6efc020 in calloc (/lib64/libasan.so.3+0xc7020)
#1 0x42d2c3 in gbAllocN /root/gluster-block/utils/utils.c:194
#2 0x406ae9 in removeDuplicateSubstr /root/gluster-block/rpc/block_svc_routines.c:138
#3 0x41ad4c in blockCreateCliFormatResponse /root/gluster-block/rpc/block_svc_routines.c:1570
#4 0x41ff91 in block_create_cli_1_svc /root/gluster-block/rpc/block_svc_routines.c:1826
#5 0x405e63 in gluster_block_cli_1 /root/gluster-block/rpc/rpcl/block_svc.c:132
#6 0x7ffff57d62a0 in svc_getreq_common (/lib64/libc.so.6+0x13a2a0)
#7 0x7ffff5a60a5f (/lib64/libc.so.6+0x3c4a5f)

Thread T1 created by T0 here:
#0 0x7ffff6e66488 in __interceptor_pthread_create (/lib64/libasan.so.3+0x31488)
#1 0x40545f in main /root/gluster-block/daemon/gluster-blockd.c:325
#2 0x7ffff56bc400 in __libc_start_main (/lib64/libc.so.6+0x20400)

Change-Id: Id16fa0c00223f7272c3c977efb268ba5d72bd04b
Signed-off-by: Pranith Kumar K
---
 rpc/block_svc_routines.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rpc/block_svc_routines.c b/rpc/block_svc_routines.c
index 333584e..9e4d111 100644
--- a/rpc/block_svc_routines.c
+++ b/rpc/block_svc_routines.c
@@ -134,8 +134,8 @@ removeDuplicateSubstr(char **line)
     return;
   }
 
-  /* Allocate size for out. */
-  if (GB_ALLOC_N(out, strlen(temp)) < 0) {
+  /* Allocate size for out including trailing space and \0. */
+  if (GB_ALLOC_N(out, strlen(temp) + strlen(" ") + 1) < 0) {
     return;
   }
 
-- 
cgit
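Review bot: The new size on the `GB_ALLOC_N(out, strlen(temp) + strlen(" ") + 1)` line is derived by hand from how `out` is filled later in the function (the write at block_svc_routines.c:147 in the trace), but that loop is outside the hunk and nothing here states the invariant the two must share, so the next edit to either side can reopen the overflow; a comment on the allocation such as `/* worst case: all of temp is copied, plus one separator appended after the last token, plus the NUL */` would tie them together. Since the input reaches this function from the CLI RPC path (block_create_cli_1_svc via svc_run, per the trace), the bound should be checked against the copy loop for every input shape rather than sized from the one report. As a point of style, `strlen(" ") + 1` is a runtime call spelling the constant 2; `sizeof " "`, which is exactly the space plus its NUL, or a named constant with the comment above reads more directly. A failed GB_ALLOC_N still returns silently from this void function, leaving `*line` untouched with no signal to the caller; that predates the change but is worth noting next to it. removeDuplicateSubstr begins before and continues past the hunk.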