From d836002fce7454fabd13f0f9a1fd247bec7e7fc0 Mon Sep 17 00:00:00 2001
From: Venkatesh Somyajulu <vsomyaju@redhat.com>
Date: Wed, 3 Apr 2013 17:30:37 +0530
Subject: dict: Put "goto out" in dict_unserialize to avoid process crash

Problem:
In the dictionary serialization function, if the
[(buf + vallen) > (orig_buf + size)], then memdup is getting failed.

Fix:
Put "goto out" whenever this condition is met.

Change-Id: Ia10ddc7e1cf551eed0e2c3d0f0364c6961e13025
BUG: 947824
Signed-off-by: Venkatesh Somyajulu <vsomyaju@redhat.com>
Reviewed-on: http://review.gluster.org/4770
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
---
 libglusterfs/src/dict.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libglusterfs/src/dict.c b/libglusterfs/src/dict.c
index ee265c9db..3d30dd689 100644
--- a/libglusterfs/src/dict.c
+++ b/libglusterfs/src/dict.c
@@ -2422,6 +2422,7 @@ dict_unserialize (char *orig_buf, int32_t size, dict_t **fill)
                                           "available (%lu) < required (%lu)",
                                           (long)(orig_buf + size),
                                           (long)(buf + vallen));
+                        goto out;
                 }
                 value = get_new_data ();
                 value->len  = vallen;
-- 
cgit