glusterfs.git/xlators/features/locks/src/posix.c, branch v5.8 all: fix the format string exceptions 2018-11-09T14:03:02+00:00 Amar Tumballi amarts@redhat.com 2018-11-06T17:17:41+00:00 83304fedb464fe3f97db662ce3e07bd948b7b7d9 Currently, there are possibilities in few places, where a user-controlled (like filename, program parameter etc) string can be passed as 'fmt' for printf(), which can lead to segfault, if the user's string contains '%s', '%d' in it. While fixing it, makes sense to make the explicit check for such issues across the codebase, by making the format call properly. Fixes: CVE-2018-14661 Fixes: bz#1647666 Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4 Signed-off-by: Amar Tumballi <amarts@redhat.com> 
Currently, there are possibilities in few places, where a user-controlled
(like filename, program parameter etc) string can be passed as 'fmt' for
printf(), which can lead to segfault, if the user's string contains '%s',
'%d' in it.

While fixing it, makes sense to make the explicit check for such issues
across the codebase, by making the format call properly.

Fixes: CVE-2018-14661

Fixes: bz#1647666
Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4
Signed-off-by: Amar Tumballi <amarts@redhat.com>
features/locks:Use pthread_mutex_unlock() instead of pthread_mutex_lock() 2018-11-09T14:02:19+00:00 Vijay Bellur vbellur@redhat.com 2018-11-06T18:12:10+00:00 7136414bcc0426270f1df8720018af1b53fd228a Fixes CID 1396581 Change-Id: Ic04091b5783a75d8e1e605a9c1c28b77fea048d3 updates: bz#1647962 Signed-off-by: Vijay Bellur <vbellur@redhat.com> Signed-off-by: Susant Palai <spalai@redhat.com> 
Fixes CID 1396581

Change-Id: Ic04091b5783a75d8e1e605a9c1c28b77fea048d3
updates: bz#1647962
Signed-off-by: Vijay Bellur <vbellur@redhat.com>
Signed-off-by: Susant Palai <spalai@redhat.com>
lock: Do not allow meta-lock count to be more than one 2018-11-09T14:02:19+00:00 Susant Palai spalai@redhat.com 2018-11-02T03:53:42+00:00 c87a458998717e951094744a56247a8ec6c48b4b In the current scheme of glusterfs where lock migration is experimental, (ideally) the rebalance process which is migrating the file should request for a metalock. Hence, the metalock count should not be more than one for an inode. In future, if there is a need for meta-lock from other clients, this patch can be reverted. Since pl_metalk is called as part of setxattr operation, any client process(non-rebalance) residing outside trusted network can exhaust memory of the server node by issuing setxattr repetitively on the metalock key. The current patch makes sure that more than one metalock cannot be granted on an inode. Fixes CVE-2018-14660 updates: bz#1647962 Change-Id: Ie1e697766388718804a9551bc58351808fe71069 Signed-off-by: Susant Palai <spalai@redhat.com> 
In the current scheme of glusterfs where lock migration is
experimental, (ideally) the rebalance process which is migrating
the file should request for a metalock. Hence, the metalock count
should not be more than one for an inode. In future, if there is a
need for meta-lock from other clients, this patch can be reverted.

Since pl_metalk is called as part of setxattr operation, any client
process(non-rebalance) residing outside trusted network can exhaust
memory of the server node by issuing setxattr repetitively on the
metalock key. The current patch makes sure that more than
one metalock cannot be granted on an inode.

Fixes CVE-2018-14660

updates: bz#1647962
Change-Id: Ie1e697766388718804a9551bc58351808fe71069
Signed-off-by: Susant Palai <spalai@redhat.com>
Land part 2 of clang-format changes 2018-09-12T12:22:45+00:00 Gluster Ant bugzilla-bot@gluster.org 2018-09-12T12:22:45+00:00 e16868dede6455cab644805af6fe1ac312775e13 Change-Id: Ia84cc24c8924e6d22d02ac15f611c10e26db99b4 Signed-off-by: Nigel Babu <nigelb@redhat.com> 
Change-Id: Ia84cc24c8924e6d22d02ac15f611c10e26db99b4
Signed-off-by: Nigel Babu <nigelb@redhat.com>
Various files: strncpy()->sprintf(), reduce strlen()'s 2018-08-31T13:13:43+00:00 Yaniv Kaul ykaul@redhat.com 2018-08-21T17:43:07+00:00 052849983e51a061d7fb2c3ffd74fa78bb257084 strncpy may not be very efficient for short strings copied into a large buffer: If the length of src is less than n, strncpy() writes additional null bytes to dest to ensure that a total of n bytes are written. Instead, use snprintf(). Check for truncated output where applicable. Also: - save the result of strlen() and re-use it when possible. - move from strlen to SLEN (sizeof() ) for const strings. Compile-tested only! Change-Id: I54e80d4f4a80e98d3775e376efe05c51af0b29eb updates: bz#1193929 Signed-off-by: Yaniv Kaul <ykaul@redhat.com> 
strncpy may not be very efficient for short strings copied into
a large buffer: If the length of src is less than n,
strncpy() writes additional null bytes to dest to ensure
that a total of n bytes are written.

Instead, use snprintf(). Check for truncated output
where applicable.

Also:
- save the result of strlen() and re-use it when possible.
- move from strlen to SLEN (sizeof() ) for const strings.

Compile-tested only!

Change-Id: I54e80d4f4a80e98d3775e376efe05c51af0b29eb
updates: bz#1193929
Signed-off-by: Yaniv Kaul <ykaul@redhat.com>
locks: coverity fixes 2018-08-24T05:41:57+00:00 Bhumika Goyal bgoyal@redhat.com 2018-08-20T15:36:37+00:00 94a532464d1149dc1574e2e4b5484d35415bde5b Fixes CID: 1356583 1356582 1356581 1356580 Add logs and also replace gf_log with gf_msg_debug. Change-Id: I348dc94f7a52034542d29096c12a2cf60aabe97f updates: bz#789278 Signed-off-by: Bhumika Goyal <bgoyal@redhat.com> 
Fixes CID: 1356583 1356582 1356581 1356580

Add logs and also replace gf_log with gf_msg_debug.

Change-Id: I348dc94f7a52034542d29096c12a2cf60aabe97f
updates: bz#789278
Signed-off-by: Bhumika Goyal <bgoyal@redhat.com>
All: run codespell on the code and fix issues. 2018-07-22T14:40:16+00:00 Yaniv Kaul ykaul@redhat.com 2018-07-16T14:03:17+00:00 621138ce763eda8270d0a4f6d7209fd50ada8787 Please review, it's not always just the comments that were fixed. I've had to revert of course all calls to creat() that were changed to create() ... Only compile-tested! Change-Id: I7d02e82d9766e272a7fd9cc68e51901d69e5aab5 updates: bz#1193929 Signed-off-by: Yaniv Kaul <ykaul@redhat.com> 
Please review, it's not always just the comments that were fixed.
I've had to revert of course all calls to creat() that were changed
to create() ...

Only compile-tested!

Change-Id: I7d02e82d9766e272a7fd9cc68e51901d69e5aab5
updates: bz#1193929
Signed-off-by: Yaniv Kaul <ykaul@redhat.com>
feature/locks: Unwind response based on clinet version 2018-05-28T02:45:08+00:00 Ashish Pandey aspandey@redhat.com 2018-05-17T10:25:44+00:00 2343d2ca474f5f695add09f8c039078b378c3985 Change-Id: I6fc7755cca0d6f61cb775363618036228925842c fixes: bz#1570538 Signed-off-by: Ashish Pandey <aspandey@redhat.com> 
Change-Id: I6fc7755cca0d6f61cb775363618036228925842c
fixes: bz#1570538
Signed-off-by: Ashish Pandey <aspandey@redhat.com>
protocol/server : unwind as per op version 2018-05-03T07:16:21+00:00 Ashish Pandey aspandey@redhat.com 2018-04-25T11:18:56+00:00 112048652ab00d9650053396c1b28a49d1853783 Change-Id: Id6717640ac14881b490e512c4682e45ffffa7f5b fixes: bz#1570538 BUG: 1570538 Signed-off-by: Ashish Pandey <aspandey@redhat.com> 
Change-Id: Id6717640ac14881b490e512c4682e45ffffa7f5b
fixes: bz#1570538
BUG: 1570538
Signed-off-by: Ashish Pandey <aspandey@redhat.com>
libgfapi: Add new api for supporting mandatory-locks 2018-01-22T09:54:02+00:00 Anoop C S anoopcs@redhat.com 2016-01-19T09:05:18+00:00 ec3df9e65a3a2e1005cd4d50d06a8819fd3ab5f6 The current API for byte-range locks [glfs_posix_lock()] doesn't allow applications to specify whether it is advisory or mandatory type locks. This particular change is to introduce an extended byte-range lock API with an additional argument for including the byte-range lock mode to be one among advisory(default) or mandatory. Patch also includes a gfapi test case which make use of this new api to acquire mandatory locks. Ref: https://github.com/gluster/glusterfs-specs/blob/master/done/GlusterFS%203.8/Mandatory%20Locks.md Change-Id: Ia09042c755d891895d96da857321abc4ce03e20c Updates #393 Signed-off-by: Anoop C S <anoopcs@redhat.com> 
The current API for byte-range locks [glfs_posix_lock()] doesn't
allow applications to specify whether it is advisory or mandatory
type locks. This particular change is to introduce an extended
byte-range lock API with an additional argument for including
the byte-range lock mode to be one among advisory(default) or
mandatory. Patch also includes a gfapi test case which make use
of this new api to acquire mandatory locks.

Ref: https://github.com/gluster/glusterfs-specs/blob/master/done/GlusterFS%203.8/Mandatory%20Locks.md

Change-Id: Ia09042c755d891895d96da857321abc4ce03e20c
Updates #393
Signed-off-by: Anoop C S <anoopcs@redhat.com>