diff options
| author | Amar Tumballi <amarts@redhat.com> | 2018-11-01 07:08:29 +0530 |
|---|---|---|
| committer | Atin Mukherjee <amukherj@redhat.com> | 2018-11-01 07:05:43 +0000 |
| commit | d3ec5f5a089edb68206b5d4a469358867340d4f7 (patch) | |
| tree | ecbc8a6287621e3d748d07165dc4b9b892c61c37 | |
| parent | 7fac81aeab5805fb2bd719d7489636633bb5e32a (diff) | |
glusterd-handshake: prevent a buffer overflow
as key size in xdr can be anything, it can be bigger than the
'NAME_MAX' allowed in the structure, which can allow for service denial
attacks.
Fixes: CVE-2018-14653
Fixes: bz#1644756
Change-Id: I2dc5e99af27ddf44c12c94b07e51adb8674cce80
Signed-off-by: Amar Tumballi <amarts@redhat.com>
| -rw-r--r-- | xlators/mgmt/glusterd/src/glusterd-handshake.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-handshake.c b/xlators/mgmt/glusterd/src/glusterd-handshake.c index d341b4918d2..53b500f4986 100644 --- a/xlators/mgmt/glusterd/src/glusterd-handshake.c +++ b/xlators/mgmt/glusterd/src/glusterd-handshake.c @@ -913,6 +913,13 @@ __server_getspec(rpcsvc_request_t *req) volume = args.key; + if (strlen(volume) >= (NAME_MAX)) { + op_errno = EINVAL; + gf_msg(this->name, GF_LOG_ERROR, EINVAL, GD_MSG_NAME_TOO_LONG, + "volume name too long (%s)", volume); + goto fail; + } + /* Need to strip leading '/' from volnames. This was introduced to * support nfs style mount parameters for native gluster mount */ |