From 4c84a4cd5e5e563e1e91656f7462b4c444e5f4e6 Mon Sep 17 00:00:00 2001
From: Amar Tumballi <amarts@redhat.com>
Date: Fri, 27 Apr 2012 13:20:21 +0530
Subject: storage/posix: fix illegal memory access in fgetxattr()

we were not checking for the return value of the fgetxattr(key), and
used to continue with the allocation even if size was -1, leading to
wrong memory access.

Change-Id: Ib5cf2e74fee95bc919b12efe89fed5cd25807efd
Signed-off-by: Amar Tumballi <amarts@redhat.com>
BUG: 815346
Reviewed-on: http://review.gluster.com/3236
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-by: Anand Avati <avati@redhat.com>
---
 xlators/storage/posix/src/posix.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'xlators')

diff --git a/xlators/storage/posix/src/posix.c b/xlators/storage/posix/src/posix.c
index b3bc6be7f..447558a13 100644
--- a/xlators/storage/posix/src/posix.c
+++ b/xlators/storage/posix/src/posix.c
@@ -2567,10 +2567,9 @@ posix_getxattr (call_frame_t *frame, xlator_t *this,
                 strcpy (key, name);
 
                 size = sys_lgetxattr (real_path, key, NULL, 0);
-                if (size == -1) {
-                        op_ret = -1;
+                if (size <= 0) {
                         op_errno = errno;
-                        goto out;
+                        goto done;
                 }
                 value = GF_CALLOC (size + 1, sizeof(char), gf_posix_mt_char);
                 if (!value) {
@@ -2727,6 +2726,11 @@ posix_fgetxattr (call_frame_t *frame, xlator_t *this,
                 strcpy (key, name);
 
                 size = sys_fgetxattr (_fd, key, NULL, 0);
+                if (size <= 0) {
+                        op_errno = errno;
+                        goto done;
+                }
+
                 value = GF_CALLOC (size + 1, sizeof(char), gf_posix_mt_char);
                 if (!value) {
                         op_ret = -1;
-- 
cgit