diff options
author | Amar Tumballi <amarts@redhat.com> | 2012-04-27 13:20:21 +0530 |
---|---|---|
committer | Anand Avati <avati@redhat.com> | 2012-04-27 13:27:13 -0700 |
commit | 4c84a4cd5e5e563e1e91656f7462b4c444e5f4e6 (patch) | |
tree | 2ac15b43867a259cb530441c36de9ca821b571f2 | |
parent | f9ca9f09ce47715573d0ae2b5e174e8b63185b56 (diff) |
storage/posix: fix illegal memory access in fgetxattr()
we were not checking for the return value of the fgetxattr(key), and
used to continue with the allocation even if size was -1, leading to
wrong memory access.
Change-Id: Ib5cf2e74fee95bc919b12efe89fed5cd25807efd
Signed-off-by: Amar Tumballi <amarts@redhat.com>
BUG: 815346
Reviewed-on: http://review.gluster.com/3236
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-by: Anand Avati <avati@redhat.com>
-rw-r--r-- | xlators/storage/posix/src/posix.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/xlators/storage/posix/src/posix.c b/xlators/storage/posix/src/posix.c index b3bc6be7f31..447558a13ba 100644 --- a/xlators/storage/posix/src/posix.c +++ b/xlators/storage/posix/src/posix.c @@ -2567,10 +2567,9 @@ posix_getxattr (call_frame_t *frame, xlator_t *this, strcpy (key, name); size = sys_lgetxattr (real_path, key, NULL, 0); - if (size == -1) { - op_ret = -1; + if (size <= 0) { op_errno = errno; - goto out; + goto done; } value = GF_CALLOC (size + 1, sizeof(char), gf_posix_mt_char); if (!value) { @@ -2727,6 +2726,11 @@ posix_fgetxattr (call_frame_t *frame, xlator_t *this, strcpy (key, name); size = sys_fgetxattr (_fd, key, NULL, 0); + if (size <= 0) { + op_errno = errno; + goto done; + } + value = GF_CALLOC (size + 1, sizeof(char), gf_posix_mt_char); if (!value) { op_ret = -1; |