authorshishir gowda <shishirng@gluster.com>2010-08-05 01:58:46 +0000
committerAnand V. Avati <avati@dev.gluster.com>2010-08-06 03:37:24 -0700
commitd8a94293b142f963ad255e4fe9c2d1fafe3caeb6 (patch)
treec707f7c1038255dc1a203ef2790da037528f0fd1
parentb04d963e91f8b3c72343e1043d6ed8c68699c4fe (diff)
Fix for seg fault in dict_unserialize if undersized buffers are passed
Signed-off-by: shishir gowda <shishirng@gluster.com> Signed-off-by: Anand V. Avati <avati@dev.gluster.com> BUG: 1031 (dict_unserialize crash if undersized buffers passed) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1031
-rw-r--r--xlators/protocol/legacy/server/src/server-protocol.c22
1 files changed, 20 insertions, 2 deletions
diff --git a/xlators/protocol/legacy/server/src/server-protocol.c b/xlators/protocol/legacy/server/src/server-protocol.c
index e6c668d15..5193e54b1 100644
--- a/xlators/protocol/legacy/server/src/server-protocol.c
+++ b/xlators/protocol/legacy/server/src/server-protocol.c
@@ -5888,6 +5888,7 @@ static call_frame_t *
get_frame_for_call (transport_t *trans, gf_hdr_common_t *hdr)
{
call_frame_t *frame = NULL;
+ int32_t ret = -1;
frame = get_frame_for_transport (trans);
@@ -5899,7 +5900,12 @@ get_frame_for_call (transport_t *trans, gf_hdr_common_t *hdr)
frame->root->gid = ntoh32 (hdr->req.gid);
frame->root->pid = ntoh32 (hdr->req.pid);
frame->root->lk_owner = ntoh64 (hdr->req.lk_owner);
- server_decode_groups (frame, hdr);
+ ret = server_decode_groups (frame, hdr);
+
+ if (ret) {
+ //FRAME_DESTROY (frame);
+ return NULL;
+ }
return frame;
}
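Review bot: The new failure branch returns NULL without releasing the frame obtained from get_frame_for_transport(), because the only teardown, `//FRAME_DESTROY (frame);`, is commented out. The branch is taken when server_decode_groups() rejects the header, which is data supplied by the peer, so each such request appears to leak one frame and whatever is attached to it. Either restore a teardown that is safe at this point, or, if the frame is owned elsewhere, replace the dead line with a comment naming who frees it. The start of get_frame_for_call is in the previous hunk and the lines between the two hunks are not shown, so the ownership rules cannot be confirmed from here.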
@@ -6021,6 +6027,10 @@ protocol_server_interpret (xlator_t *this, transport_t *trans,
break;
}
frame = get_frame_for_call (trans, hdr);
+ if (!frame) {
+ ret = -1;
+ goto out;
+ }
frame->op = op;
ret = gf_fops[op] (frame, bound_xl, hdr, hdrlen, iobuf);
break;
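Review bot: The added `if (!frame)` branch drops the request with `ret = -1` and writes no log line, so a peer whose headers fail decoding leaves no trace on the server. The same applies to the identical checks added in the hunks at -6033 and -6051. A message before the `goto out`, for example `gf_log (this->name, GF_LOG_ERROR, "could not set up frame for request, dropping it");`, would make these rejections visible to operators. It is also worth confirming that the caller releases `iobuf` when -1 is returned, since on this path it is never handed to a handler; the hunk does not show this. protocol_server_interpret starts and ends outside this hunk.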
@@ -6033,6 +6043,10 @@ protocol_server_interpret (xlator_t *this, transport_t *trans,
break;
}
frame = get_frame_for_call (trans, hdr);
+ if (!frame) {
+ ret = -1;
+ goto out;
+ }
frame->op = op;
ret = gf_mops[op] (frame, bound_xl, hdr, hdrlen, iobuf);
break;
@@ -6051,13 +6065,17 @@ protocol_server_interpret (xlator_t *this, transport_t *trans,
}
frame = get_frame_for_call (trans, hdr);
+ if (!frame) {
+ ret = -1;
+ goto out;
+ }
ret = gf_cbks[op] (frame, bound_xl, hdr, hdrlen, iobuf);
break;
default:
break;
}
-
+out:
return ret;
}