summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAmar Tumballi <amarts@redhat.com>2012-04-27 13:20:21 +0530
committerAnand Avati <avati@redhat.com>2012-04-27 13:27:13 -0700
commit4c84a4cd5e5e563e1e91656f7462b4c444e5f4e6 (patch)
tree2ac15b43867a259cb530441c36de9ca821b571f2
parentf9ca9f09ce47715573d0ae2b5e174e8b63185b56 (diff)
storage/posix: fix illegal memory access in fgetxattr()
we were not checking for the return value of the fgetxattr(key), and used to continue with the allocation even if size was -1, leading to wrong memory access. Change-Id: Ib5cf2e74fee95bc919b12efe89fed5cd25807efd Signed-off-by: Amar Tumballi <amarts@redhat.com> BUG: 815346 Reviewed-on: http://review.gluster.com/3236 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-by: Anand Avati <avati@redhat.com>
-rw-r--r--xlators/storage/posix/src/posix.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/xlators/storage/posix/src/posix.c b/xlators/storage/posix/src/posix.c
index b3bc6be7f31..447558a13ba 100644
--- a/xlators/storage/posix/src/posix.c
+++ b/xlators/storage/posix/src/posix.c
@@ -2567,10 +2567,9 @@ posix_getxattr (call_frame_t *frame, xlator_t *this,
strcpy (key, name);
size = sys_lgetxattr (real_path, key, NULL, 0);
- if (size == -1) {
- op_ret = -1;
+ if (size <= 0) {
op_errno = errno;
- goto out;
+ goto done;
}
value = GF_CALLOC (size + 1, sizeof(char), gf_posix_mt_char);
if (!value) {
@@ -2727,6 +2726,11 @@ posix_fgetxattr (call_frame_t *frame, xlator_t *this,
strcpy (key, name);
size = sys_fgetxattr (_fd, key, NULL, 0);
+ if (size <= 0) {
+ op_errno = errno;
+ goto done;
+ }
+
value = GF_CALLOC (size + 1, sizeof(char), gf_posix_mt_char);
if (!value) {
op_ret = -1;