| author | Kotresh HR <khiremat@redhat.com> | 2017-06-20 06:26:18 -0400 | 
|---|---|---|
| committer | Aravinda VK <avishwan@redhat.com> | 2017-06-21 10:06:59 +0000 | 
| commit | b224f4253b7d3de3077ee35c8bdc20618eae4b7c (patch) | |
| tree | 575f74ed76bec274a8af5add4490a01afe67fda8 | |
| parent | 3183ca1bdee9cb0af22c017e3c610add8ff2b405 (diff) | |
feature/changelog: Fix buffer overflow crash
The buffer used to hold the basename was hard coded
to the size of NAME_MAX(255). It might lead to buffer
overflow crashes when the basename which is sent
is more than NAME_MAX length. Fixed the same.
Change-Id: I6c1cad3ccaeb8c55549b1d3c5f96a198f65ba2b7
BUG: 1463178
Signed-off-by: Kotresh HR <khiremat@redhat.com>
Reviewed-on: https://review.gluster.org/17579
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
Smoke: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: jiffin tony Thottan <jthottan@redhat.com>
| -rw-r--r-- | xlators/features/changelog/src/changelog.c | 6 | 
1 files changed, 4 insertions, 2 deletions
diff --git a/xlators/features/changelog/src/changelog.c b/xlators/features/changelog/src/changelog.c index 20af188d0d4..8758b7691a1 100644 --- a/xlators/features/changelog/src/changelog.c +++ b/xlators/features/changelog/src/changelog.c @@ -222,8 +222,8 @@ changelog_unlink (call_frame_t *frame, xlator_t *this,          gf_boolean_t                 barrier_enabled = _gf_false;          dht_changelog_rename_info_t  *info           = NULL;          int                          ret             = 0; -        char                         old_name[NAME_MAX] = {0}; -        char                         new_name[NAME_MAX] = {0}; +        char                        *old_name        = NULL; +        char                        *new_name        = NULL;          char                         *nname             = NULL;          INIT_LIST_HEAD (&queue); @@ -234,6 +234,8 @@ changelog_unlink (call_frame_t *frame, xlator_t *this,          ret = dict_get_bin (xdata, DHT_CHANGELOG_RENAME_OP_KEY, (void **)&info);          if (!ret) {     /* special case: unlink considered as rename */                  /* 3 == fop + oldloc + newloc */ +                old_name = alloca (info->oldname_len); +                new_name = alloca (info->newname_len);                  CHANGELOG_INIT_NOCHECK (this, frame->local,                                          NULL, loc->inode->gfid, 3);  | 
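Review bot: In the first hunk (the declarations in changelog_unlink at -222), `old_name` and `new_name` now start as NULL, and the only assignment visible in this patch is inside the `if (!ret)` branch added by the second hunk. Please confirm that nothing reads or writes through them outside that branch. With the old fixed arrays such an access was valid memory; with the pointers it is a NULL dereference. A short comment at the declarations saying they are only valid in the rename special case would make that constraint explicit.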
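Review bot: In the second hunk, `old_name = alloca (info->oldname_len);` and `new_name = alloca (info->newname_len);` size stack allocations directly from lengths read out of the xdata dict, with no upper bound and no zero check. An oversized length then turns the original fixed-buffer overflow into stack exhaustion, and alloca has no way to report failure. Suggest validating both lengths against a sane maximum before allocating, or using a checked heap allocation that is freed on every exit path. Also document whether the lengths include the terminating NUL: the removed arrays were zero-filled (`= {0}`), while memory from alloca is uninitialised, so any consumer that expects a terminated string needs the buffer sized and terminated explicitly.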
