From 9c2753d1bee735cb74968106c7ce8ca1460504c6 Mon Sep 17 00:00:00 2001 From: Amar Tumballi Date: Fri, 23 Jul 2010 03:13:19 +0000 Subject: handle some NULL dereference in server protocol which can happen due to un authenticated clients sending requests. Signed-off-by: Amar Tumballi Signed-off-by: Anand V. Avati BUG: 1195 (crash in protocol server due to unauthenticated fop request..) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1195 --- xlators/protocol/server/src/server-helpers.c | 7 +- xlators/protocol/server/src/server3_1-fops.c | 209 ++++++++++++++++++++++++++- 2 files changed, 210 insertions(+), 6 deletions(-) (limited to 'xlators') diff --git a/xlators/protocol/server/src/server-helpers.c b/xlators/protocol/server/src/server-helpers.c index 216204a8b..37418ac1d 100644 --- a/xlators/protocol/server/src/server-helpers.c +++ b/xlators/protocol/server/src/server-helpers.c @@ -742,10 +742,15 @@ server_alloc_frame (rpcsvc_request_t *req) server_connection_t *conn = NULL; GF_VALIDATE_OR_GOTO("server", req, out); + GF_VALIDATE_OR_GOTO("server", req->conn, out); + GF_VALIDATE_OR_GOTO("server", req->conn->trans, out); + GF_VALIDATE_OR_GOTO("server", req->conn->svc, out); + GF_VALIDATE_OR_GOTO("server", req->conn->svc->ctx, out); conn = (server_connection_t *)req->conn->trans->xl_private; if (!conn) goto out; + frame = create_frame (conn->this, req->conn->svc->ctx->pool); GF_VALIDATE_OR_GOTO("server", frame, out); @@ -753,7 +758,7 @@ server_alloc_frame (rpcsvc_request_t *req) GF_VALIDATE_OR_GOTO("server", state, out); if (conn->bound_xl) - state->itable = conn->bound_xl->itable; + state->itable = conn->bound_xl->itable; state->xprt = req->conn->trans; state->conn = conn; diff --git a/xlators/protocol/server/src/server3_1-fops.c b/xlators/protocol/server/src/server3_1-fops.c index 1b7741766..d100f5fde 100644 --- a/xlators/protocol/server/src/server3_1-fops.c +++ b/xlators/protocol/server/src/server3_1-fops.c 
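Review bot: In server_alloc_frame, `if (!conn) goto out;` stays silent while the four guards added above it log through GF_VALIDATE_OR_GOTO, so a request on a transport with no connection state (presumably a client that never completed setvolume) leaves no trace for an operator; consider `GF_VALIDATE_OR_GOTO("server", conn, out);` or a rate-limited log line that identifies the peer. The function also gains four more ways to reach `out`, and the handlers in server3_1-fops.c are shown using `frame->root->op` soon after allocation, so confirm that every caller tests the return value before that dereference. The `out` label and the return statement lie outside this hunk.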
@@ -2683,13 +2683,17 @@ server_stat (rpcsvc_request_t *req) frame->root->op = GF_FOP_STAT; state = CALL_STATE (frame); - { - state->resolve.type = RESOLVE_MUST; - state->resolve.ino = args.ino; - state->resolve.gen = args.gen; - state->resolve.path = gf_strdup (args.path); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; } + state->resolve.type = RESOLVE_MUST; + state->resolve.ino = args.ino; + state->resolve.gen = args.gen; + state->resolve.path = gf_strdup (args.path); + resolve_and_resume (frame, server_stat_resume); out: return 0; @@ -2724,6 +2728,11 @@ server_setattr (rpcsvc_request_t *req) frame->root->op = GF_FOP_SETATTR; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.ino = args.ino; @@ -2764,6 +2773,11 @@ server_fsetattr (rpcsvc_request_t *req) frame->root->op = GF_FOP_FSETATTR; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.fd_no = args.fd; @@ -2805,6 +2819,11 @@ server_readlink (rpcsvc_request_t *req) frame->root->op = GF_FOP_READLINK; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.ino = args.ino; @@ -2852,6 +2871,11 @@ server_create (rpcsvc_request_t *req) frame->root->op = GF_FOP_CREATE; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_NOT; state->resolve.par = args.par; 
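Review bot: In server_stat the new early exit jumps to `out:`, which the hunk shows doing only `return 0;`, yet `frame` and its call state already exist at that point (the context line above sets `frame->root->op`), so every request rejected here appears to leave a frame and state allocated. Because this path is by definition reachable before setvolume, that would let an unauthenticated peer grow server memory with repeated requests. Either test `bound_xl` before the frame is allocated or tear the frame and state down before `goto out`; the allocation and any cleanup outside the hunk are not visible, so confirm against the full function. The same five added lines recur in every other hunk of server3_1-fops.c (server_setattr through server_statfs), so the fix applies to all of them.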
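Review bot: The guard added to server_setattr is pasted verbatim into each handler (all 40 hunks in this file) rather than enforced in one place, which makes the check fail-open: a handler not touched by this patch, or one added later, would serve requests on an unbound connection and nothing would flag the omission. A single macro used right after `state = CALL_STATE (frame);`, or better a check in the dispatch path before any handler runs, keeps the policy in one spot and makes a missing guard easy to audit. The macro name below is a proposal, not an existing identifier; server_setattr's body starts and ends outside the hunk.
```c
/* Proposed helper: reject a fop on a connection that has not completed
 * setvolume (conn->bound_xl is still NULL). */
#define SERVER_REQUIRE_BOUND_XL(req, state, label)                     \
        do {                                                           \
                if (!(state)->conn->bound_xl) {                        \
                        (req)->rpc_err = GARBAGE_ARGS;                 \
                        goto label;                                    \
                }                                                      \
        } while (0)

        /* … unchanged: start of server_setattr … */
        state = CALL_STATE (frame);
        SERVER_REQUIRE_BOUND_XL (req, state, out);
        /* … unchanged: resolve setup … */
```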
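Review bot: The comment in server_fsetattr calls this an auth failure, but the handler reports it as `GARBAGE_ARGS`, the value a request with undecodable arguments would normally get, and it writes no log entry. Clients and anyone reading the server logs therefore cannot tell an unauthenticated fop from a malformed one. Log the rejection with the peer's identity at the point of the check and, if the RPC layer offers an authentication-specific error, use that instead. It is also worth verifying that the dispatcher actually sends an error reply when a handler sets `rpc_err` and still returns 0, as `out: return 0;` in the server_stat hunk suggests. This applies to every handler carrying the same block.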
@@ -2895,6 +2919,11 @@ server_open (rpcsvc_request_t *req) frame->root->op = GF_FOP_OPEN; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.ino = args.ino; @@ -2934,6 +2963,11 @@ server_readv (rpcsvc_request_t *req) frame->root->op = GF_FOP_READ; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.fd_no = args.fd; @@ -2981,6 +3015,11 @@ server_writev_vec (rpcsvc_request_t *req, struct iobuf *iobuf) frame->root->op = GF_FOP_WRITE; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.fd_no = args.fd; @@ -3072,6 +3111,11 @@ server_fsync (rpcsvc_request_t *req) frame->root->op = GF_FOP_FSYNC; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.fd_no = args.fd; @@ -3109,6 +3153,11 @@ server_flush (rpcsvc_request_t *req) frame->root->op = GF_FOP_FLUSH; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.fd_no = args.fd; @@ -3145,6 +3194,11 @@ server_ftruncate (rpcsvc_request_t *req) frame->root->op = GF_FOP_FTRUNCATE; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.fd_no = args.fd; 
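Review bot: server_writev_vec receives `struct iobuf *iobuf`, and nothing visible in the hunk says who owns that payload buffer when the new early `goto out` is taken by a peer that never completed setvolume. If the function takes a reference on `iobuf` before this point, the exit must drop it; if the caller keeps ownership, a one-line comment such as `/* iobuf not referenced yet; caller releases it */` above the `goto` would record that. The rest of the function is outside the hunk, so this is a request to confirm rather than a confirmed leak.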
@@ -3181,6 +3235,11 @@ server_fstat (rpcsvc_request_t *req) frame->root->op = GF_FOP_FSTAT; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.fd_no = args.fd; @@ -3218,6 +3277,11 @@ server_truncate (rpcsvc_request_t *req) frame->root->op = GF_FOP_TRUNCATE; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.path = gf_strdup (args.path); @@ -3262,6 +3326,11 @@ server_unlink (rpcsvc_request_t *req) frame->root->op = GF_FOP_UNLINK; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.par = args.par; @@ -3311,6 +3380,11 @@ server_setxattr (rpcsvc_request_t *req) frame->root->op = GF_FOP_SETXATTR; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.path = gf_strdup (args.path); @@ -3389,6 +3463,11 @@ server_fsetxattr (rpcsvc_request_t *req) frame->root->op = GF_FOP_FSETXATTR; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.fd_no = args.fd; 
@@ -3462,6 +3541,11 @@ server_fxattrop (rpcsvc_request_t *req) frame->root->op = GF_FOP_FXATTROP; state = CALL_STATE(frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.fd_no = args.fd; @@ -3541,6 +3625,11 @@ server_xattrop (rpcsvc_request_t *req) frame->root->op = GF_FOP_XATTROP; state = CALL_STATE(frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.path = gf_strdup (args.path); @@ -3615,6 +3704,11 @@ server_getxattr (rpcsvc_request_t *req) frame->root->op = GF_FOP_GETXATTR; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.path = gf_strdup (args.path); @@ -3660,6 +3754,11 @@ server_fgetxattr (rpcsvc_request_t *req) frame->root->op = GF_FOP_FGETXATTR; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.fd_no = args.fd; @@ -3706,6 +3805,11 @@ server_removexattr (rpcsvc_request_t *req) frame->root->op = GF_FOP_REMOVEXATTR; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.path = gf_strdup (args.path); 
@@ -3749,6 +3853,11 @@ server_opendir (rpcsvc_request_t *req) frame->root->op = GF_FOP_OPENDIR; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.path = gf_strdup (args.path); @@ -3789,6 +3898,11 @@ server_readdirp (rpcsvc_request_t *req) frame->root->op = GF_FOP_READDIRP; state = CALL_STATE(frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.fd_no = args.fd; @@ -3828,6 +3942,11 @@ server_readdir (rpcsvc_request_t *req) frame->root->op = GF_FOP_READDIR; state = CALL_STATE(frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.fd_no = args.fd; @@ -3867,6 +3986,11 @@ server_fsyncdir (rpcsvc_request_t *req) frame->root->op = GF_FOP_FSYNCDIR; state = CALL_STATE(frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.fd_no = args.fd; @@ -3911,6 +4035,11 @@ server_mknod (rpcsvc_request_t *req) frame->root->op = GF_FOP_MKNOD; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_NOT; state->resolve.par = args.par; @@ -3959,6 +4088,11 @@ server_mkdir (rpcsvc_request_t *req) frame->root->op = GF_FOP_MKDIR; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_NOT; state->resolve.par = args.par; 
@@ -4006,6 +4140,11 @@ server_rmdir (rpcsvc_request_t *req) frame->root->op = GF_FOP_RMDIR; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.par = args.par; @@ -4053,6 +4192,11 @@ server_inodelk (rpcsvc_request_t *req) frame->root->op = GF_FOP_INODELK; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_EXACT; state->resolve.ino = args.ino; @@ -4124,6 +4268,11 @@ server_finodelk (rpcsvc_request_t *req) frame->root->op = GF_FOP_FINODELK; state = CALL_STATE(frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_EXACT; state->volume = gf_strdup (args.volume); @@ -4199,6 +4348,11 @@ server_entrylk (rpcsvc_request_t *req) frame->root->op = GF_FOP_ENTRYLK; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_EXACT; state->resolve.path = gf_strdup (args.path); @@ -4249,6 +4403,11 @@ server_fentrylk (rpcsvc_request_t *req) frame->root->op = GF_FOP_FENTRYLK; state = CALL_STATE(frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_EXACT; state->resolve.fd_no = args.fd; 
@@ -4294,6 +4453,11 @@ server_access (rpcsvc_request_t *req) frame->root->op = GF_FOP_ACCESS; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.ino = args.ino; @@ -4342,6 +4506,11 @@ server_symlink (rpcsvc_request_t *req) frame->root->op = GF_FOP_SYMLINK; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_NOT; state->resolve.par = args.par; @@ -4392,6 +4561,11 @@ server_link (rpcsvc_request_t *req) frame->root->op = GF_FOP_LINK; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.path = gf_strdup (args.oldpath); @@ -4446,6 +4620,11 @@ server_rename (rpcsvc_request_t *req) frame->root->op = GF_FOP_RENAME; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.path = gf_strdup (args.oldpath); @@ -4492,6 +4671,11 @@ server_lk (rpcsvc_request_t *req) frame->root->op = GF_FOP_LK; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.fd_no = args.fd; state->cmd = args.cmd; @@ -4563,6 +4747,11 @@ server_rchecksum (rpcsvc_request_t *req) frame->root->op = GF_FOP_RCHECKSUM; state = CALL_STATE(frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MAY; state->resolve.fd_no = args.fd; 
@@ -4631,6 +4820,11 @@ server_lookup (rpcsvc_request_t *req) */ state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.ino = args.ino; if (state->resolve.ino != 1) state->resolve.ino = 0; @@ -4719,6 +4913,11 @@ server_statfs (rpcsvc_request_t *req) frame->root->op = GF_FOP_STATFS; state = CALL_STATE (frame); + if (!state->conn->bound_xl) { + /* auth failure, request on subvolume without setvolume */ + req->rpc_err = GARBAGE_ARGS; + goto out; + } state->resolve.type = RESOLVE_MUST; state->resolve.ino = args.ino; -- cgit