| author | Jim Meyering <meyering@redhat.com> | 2012-06-19 11:41:19 +0200 | 
|---|---|---|
| committer | Anand Avati <avati@redhat.com> | 2012-07-11 19:13:31 -0700 | 
| commit | 57e72677ac1123b583be8daec2287efac87362df (patch) | |
| tree | 610004e098233740386a184b8e33321a50e1fb31 | |
| parent | fa946a8448dd3916c3fb31c9ba6cf195f98fc58c (diff) | |
glusterd: avoid buffer overrun for over-long volname
[in glusterd_store_is_valid_brickpath]
When strlen(volname) is no smaller than sizeof(volinfo->volname),
volinfo->volname would end up not being NUL-terminated.
Then, a use of that buffer that expects it to be NUL-terminated
(i.e., glusterd_store_brickinfopath_set's GLUSTERD_GET_BRICK_DIR)
will access beyond the end of the buffer.
Instead, diagnose the too-long volume name and fail.
Change-Id: I655d8638547bf342d33280c14ff1edacc3cdeb5a
BUG: 789278
Signed-off-by: Jim Meyering <meyering@redhat.com>
Reviewed-on: http://review.gluster.com/3591
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
| -rw-r--r-- | xlators/mgmt/glusterd/src/glusterd-store.c | 8 | 
1 files changed, 7 insertions, 1 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-store.c b/xlators/mgmt/glusterd/src/glusterd-store.c index b9177b3c0..a70256c39 100644 --- a/xlators/mgmt/glusterd/src/glusterd-store.c +++ b/xlators/mgmt/glusterd/src/glusterd-store.c @@ -232,6 +232,7 @@ glusterd_store_is_valid_brickpath (char *volname, char *brick)          glusterd_brickinfo_t    *brickinfo = NULL;          glusterd_volinfo_t      *volinfo = NULL;          int32_t                 ret = 0; +        size_t                  volname_len = strlen (volname);          ret = glusterd_brickinfo_from_brick (brick, &brickinfo);          if (ret) { @@ -245,7 +246,12 @@ glusterd_store_is_valid_brickpath (char *volname, char *brick)                  ret = 0;                  goto out;          } -        strncpy (volinfo->volname, volname, sizeof (volinfo->volname)); +        if (volname_len >= sizeof (volinfo->volname)) { +                gf_log ("", GF_LOG_WARNING, "volume name too long"); +                ret = 0; +                goto out; +        } +        memcpy (volinfo->volname, volname, volname_len+1);          glusterd_store_brickinfopath_set (volinfo, brickinfo, brickpath,                                                  sizeof (brickpath));  | 
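Review bot: in the first hunk (@@ -232,6 +232,7 @@), `strlen (volname)` runs in the declaration initializer, ahead of every check in the function, so a NULL volname would be dereferenced here and the length is computed even on the early `goto out` paths. Nothing in the visible lines guards volname against NULL. Either confirm that all callers pass a non-NULL name, or declare `volname_len` uninitialized and assign it immediately before the length comparison in the second hunk, where it is first used.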
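Review bot: in the second hunk (@@ -245,7 +246,12 @@), the new warning `gf_log ("", GF_LOG_WARNING, "volume name too long")` passes an empty first argument and carries no detail, so the log line does not show which function rejected the name or by how much it exceeded the limit. Suggest including the function name, `volname_len` and `sizeof (volinfo->volname)` in the message, logging the length rather than the over-long name itself. The rejection also reuses `ret = 0`, the same value the preceding failure path sets, so callers cannot tell a too-long name from the other failure; a short comment stating that this is intended would help the next reader.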
