From d8a94293b142f963ad255e4fe9c2d1fafe3caeb6 Mon Sep 17 00:00:00 2001
From: shishir gowda
Date: Thu, 5 Aug 2010 01:58:46 +0000
Subject: Fix for seg fault in dict_unserialize if undersized buffers are passed
Signed-off-by: shishir gowda
Signed-off-by: Anand V. Avati
BUG: 1031 (dict_unserialize crash if undersized buffers passed)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1031
---
.../protocol/legacy/server/src/server-protocol.c | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
(limited to 'xlators/protocol/legacy/server')
diff --git a/xlators/protocol/legacy/server/src/server-protocol.c b/xlators/protocol/legacy/server/src/server-protocol.c
index e6c668d15..5193e54b1 100644
--- a/xlators/protocol/legacy/server/src/server-protocol.c
+++ b/xlators/protocol/legacy/server/src/server-protocol.c
@@ -5888,6 +5888,7 @@ static call_frame_t *
 get_frame_for_call (transport_t *trans, gf_hdr_common_t *hdr)
 {
 call_frame_t *frame = NULL;
+ int32_t ret = -1;
 frame = get_frame_for_transport (trans);
@@ -5899,7 +5900,12 @@ get_frame_for_call (transport_t *trans, gf_hdr_common_t *hdr)
 frame->root->gid = ntoh32 (hdr->req.gid);
 frame->root->pid = ntoh32 (hdr->req.pid);
 frame->root->lk_owner = ntoh64 (hdr->req.lk_owner);
- server_decode_groups (frame, hdr);
+ ret = server_decode_groups (frame, hdr);
+
+ if (ret) {
+ //FRAME_DESTROY (frame);
+ return NULL;
+ }
 return frame;
 }
@@ -6021,6 +6027,10 @@ protocol_server_interpret (xlator_t *this, transport_t *trans,
 break;
 }
 frame = get_frame_for_call (trans, hdr);
+ if (!frame) {
+ ret = -1;
+ goto out;
+ }
 frame->op = op;
 ret = gf_fops[op] (frame, bound_xl, hdr, hdrlen, iobuf);
 break;
@@ -6033,6 +6043,10 @@ protocol_server_interpret (xlator_t *this, transport_t *trans,
 break;
 }
 frame = get_frame_for_call (trans, hdr);
+ if (!frame) {
+ ret = -1;
+ goto out;
+ }
 frame->op = op;
 ret = gf_mops[op] (frame, bound_xl, hdr, hdrlen, iobuf);
 break;
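Review bot: The new `if (ret)` branch in get_frame_for_call returns NULL with `//FRAME_DESTROY (frame);` commented out, so the frame obtained from get_frame_for_transport is not released on this path. The failure is driven by the request header, so a peer that keeps sending headers which server_decode_groups rejects would presumably grow server memory with every request. Either restore `FRAME_DESTROY (frame);` before `return NULL;`, or, if destroying the frame here is unsafe, replace the dead line with a comment saying why and where the frame is released instead. Both get_frame_for_transport and server_decode_groups are outside the diff, so what they allocate is inferred.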
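Review bot: The `if (!frame)` check added after get_frame_for_call in the fop branch sets `ret = -1` and jumps to `out` without logging anything; the same block is repeated in the mop branch (next hunk) and in the cbk branch (hunk at -6051). A request rejected because its header could not be decoded is an event an operator will want to see, so add a line such as `gf_log (this->name, GF_LOG_ERROR, "failed to build frame for request, dropping it");` before `ret = -1;`. It is also worth confirming that the caller treats -1 as a reason to fail the request or close the connection and still releases `iobuf`, since the early `goto out` skips the handler that would otherwise consume it; the caller is outside the diff. protocol_server_interpret starts outside these hunks.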
@@ -6051,13 +6065,17 @@ protocol_server_interpret (xlator_t *this, transport_t *trans,
 }
 frame = get_frame_for_call (trans, hdr);
+ if (!frame) {
+ ret = -1;
+ goto out;
+ }
 ret = gf_cbks[op] (frame, bound_xl, hdr, hdrlen, iobuf);
 break;
 default:
 break;
 }
-
+out:
 return ret;
 }
-- cgit