libglusterfs/gfdb_data_store: handle a range-overflow condition

As the value read from the file is not checked for the range, and the same value is directly used to allocate, and read further values, it can cause major issues. CID: 1351699 updates: bz#789278 Change-Id: I7ff4c1791343861ebf98d1c615b52af54cb2485e Signed-off-by: Amar Tumballi <amarts@redhat.com>
author: Amar Tumballi <amarts@redhat.com> 2018-08-27 13:48:23 +0530
committer: Amar Tumballi <amarts@redhat.com> 2018-08-31 01:21:56 +0000
commit: 38b69225f56271503f0ac2c72c646990e8559624 (patch)
tree: 0aa03980b6b3331662523da2081f23b0e61c119f
parent: 459ea3e78136ee74b71ae00b448245de7148cdfe (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/libglusterfs/src/gfdb/gfdb_data_store_helper.c b/libglusterfs/src/gfdb/gfdb_data_store_helper.c
index d5cfb24eeba..39a97ff73d9 100644
--- a/libglusterfs/src/gfdb/gfdb_data_store_helper.c
+++ b/libglusterfs/src/gfdb/gfdb_data_store_helper.c
@@ -562,6 +562,14 @@ gfdb_read_query_record (int fd,
                 goto out;
         }
 
+        /* Assumed sane range is 1B - 10MB */
+        if ((buffer_len <= 0) || (buffer_len > (10 * 1024 * 1024))) {
+                ret = -1;
+                gf_msg (GFDB_DATA_STORE, GF_LOG_ERROR, 0, LG_MSG_DB_ERROR,
+                        "buffer length range is out of bound %d", buffer_len);
+                goto out;
+        }
+
         /* Allocating memory to the serialization buffer */
         buffer = GF_CALLOC (1, buffer_len,  gf_common_mt_char);
         if (!buffer) {
author	Amar Tumballi <amarts@redhat.com>	2018-08-27 13:48:23 +0530
committer	Amar Tumballi <amarts@redhat.com>	2018-08-31 01:21:56 +0000
commit	38b69225f56271503f0ac2c72c646990e8559624 (patch)
tree	0aa03980b6b3331662523da2081f23b0e61c119f
parent	459ea3e78136ee74b71ae00b448245de7148cdfe (diff)