author | Raghavendra G <raghavendra@gluster.com> | 2010-09-06 05:44:14 +0000 |
---|---|---|
committer | Vijay Bellur <vijay@dev.gluster.com> | 2010-09-06 09:37:31 -0700 |
commit | 1bdee1756e70ec2611e568776dd93c70f5e6feef (patch) | |
tree | 74802ecef1cd5a083e1778f73a922c78d80e851a /rpc | |
parent | d48378e4971b6b75f328923054959f6dc4dd89f6 (diff) |
rpc-clnt: fix memory corruption happening while encoding auth data.
- The buffer holding the auth data that the rpc-request points to was allocated
on the stack of rpc_clnt_fill_request, but was used as the source for XDR encoding
in rpc_clnt_record_build_record. Hence, by the time the auth data is copied
during encoding of the request, the buffer might already have been freed and so contain garbage.
Signed-off-by: Raghavendra G <raghavendra@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 875 (Implement a new protocol to provide proper backward/forward compatibility)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=875
Diffstat (limited to 'rpc')
-rw-r--r-- | rpc/rpc-lib/src/rpc-clnt.c | 22 | ||||
-rw-r--r-- | rpc/rpc-lib/src/rpc-clnt.h | 1 |
2 files changed, 12 insertions, 11 deletions
diff --git a/rpc/rpc-lib/src/rpc-clnt.c b/rpc/rpc-lib/src/rpc-clnt.c
index 8d923ed5f..52316a03a 100644
--- a/rpc/rpc-lib/src/rpc-clnt.c
+++ b/rpc/rpc-lib/src/rpc-clnt.c
@@ -1034,10 +1034,9 @@ ret:
 int rpc_clnt_fill_request (int prognum, int progver, int procnum, int payload, uint64_t xid, struct auth_glusterfs_parms *au,
- struct rpc_msg *request)
+ struct rpc_msg *request, char *auth_data)
 { int ret = -1;
- char dest[1024] = {0,};
 if (!request) { goto out;
@@ -1056,14 +1055,14 @@ rpc_clnt_fill_request (int prognum, int progver, int procnum, int payload,
 /* TODO: Using AUTH_GLUSTERFS for time-being. Make it modular in * future so it is easy to plug-in new authentication schemes. */
- ret = xdr_serialize_glusterfs_auth (dest, au);
+ ret = xdr_serialize_glusterfs_auth (auth_data, au);
 if (ret == -1) { gf_log ("rpc-clnt", GF_LOG_DEBUG, "cannot encode credentials"); goto out; } request->rm_call.cb_cred.oa_flavor = AUTH_GLUSTERFS;
- request->rm_call.cb_cred.oa_base = dest;
+ request->rm_call.cb_cred.oa_base = auth_data;
 request->rm_call.cb_cred.oa_length = ret; request->rm_call.cb_verf.oa_flavor = AUTH_NONE;
@@ -1116,12 +1115,13 @@ rpc_clnt_record_build_record (struct rpc_clnt *clnt, int prognum, int progver,
 int procnum, size_t payload, uint64_t xid, struct auth_glusterfs_parms *au, struct iovec *recbuf) {
- struct rpc_msg request = {0, };
- struct iobuf *request_iob = NULL;
- char *record = NULL;
- struct iovec recordhdr = {0, };
- size_t pagesize = 0;
- int ret = -1;
+ struct rpc_msg request = {0, };
+ struct iobuf *request_iob = NULL;
+ char *record = NULL;
+ struct iovec recordhdr = {0, };
+ size_t pagesize = 0;
+ int ret = -1;
+ char auth_data[RPC_CLNT_MAX_AUTH_BYTES] = {0, };
 if ((!clnt) || (!recbuf) || (!au)) { goto out;
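Review bot: The new `char *auth_data` parameter of rpc_clnt_fill_request carries no length and is not NULL-checked in the visible lines, so the function has to trust that every caller hands it at least RPC_CLNT_MAX_AUTH_BYTES of writable storage. The same gap shows in the second hunk, where `xdr_serialize_glusterfs_auth (auth_data, au)` receives the bare pointer; whether that serializer bounds its own output is not visible in this diff. I would extend the existing guard to `if (!request || !auth_data) {` and document the contract on the signature, e.g. `/* auth_data: caller-owned, at least RPC_CLNT_MAX_AUTH_BYTES bytes, must outlive the XDR encoding of request */`. The function body continues outside both hunks.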
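Review bot: `request.rm_call.cb_cred.oa_base` now points into the local `auth_data` declared in this hunk, so the fix holds only while `request` is encoded before rpc_clnt_record_build_record returns; the encode call lies outside the hunk, so that ordering is presumed from the commit message rather than seen. A short comment beside the declaration, e.g. `/* backs request.rm_call.cb_cred.oa_base; request must be encoded before this frame unwinds */`, would keep a later refactor from reintroducing the dangling pointer. As a style point, re-aligning the six existing declarations turns a one-line addition into a 6-removed/7-added hunk, which makes blame and backports noisier than needed.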
@@ -1142,7 +1142,7 @@ rpc_clnt_record_build_record (struct rpc_clnt *clnt, int prognum, int progver,
 /* Fill the rpc structure and XDR it into the buffer got above. */ ret = rpc_clnt_fill_request (prognum, progver, procnum, payload, xid,
- au, &request);
+ au, &request, auth_data);
 if (ret == -1) { gf_log ("rpc-clnt", GF_LOG_DEBUG, "cannot build a rpc-request " "xid (%"PRIu64")", xid);
diff --git a/rpc/rpc-lib/src/rpc-clnt.h b/rpc/rpc-lib/src/rpc-clnt.h
index a0251c7c5..ab95608ad 100644
--- a/rpc/rpc-lib/src/rpc-clnt.h
+++ b/rpc/rpc-lib/src/rpc-clnt.h
@@ -32,6 +32,7 @@ typedef enum {
 } rpc_clnt_event_t; #define AUTH_GLUSTERFS 5
+#define RPC_CLNT_MAX_AUTH_BYTES 1024
 struct xptr_clnt; struct rpc_req; |
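Review bot: `RPC_CLNT_MAX_AUTH_BYTES` is set to 1024 with nothing tying it to what the credential serializer can emit or to what the RPC encoder will accept. ONC RPC limits an opaque_auth body to 400 bytes (`MAX_AUTH_BYTES` in the Sun RPC headers), so if the request is encoded with the stock `xdr_callmsg`/`xdr_opaque_auth` (not visible in this diff) a credential longer than 400 bytes would fail to encode even though the buffer admits it. A comment stating how the value was chosen, e.g. `/* upper bound on the XDR-encoded auth_glusterfs_parms; sizes the stack buffer in rpc_clnt_record_build_record */`, would let the next reader check it against the serializer.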