authorKinglong Mee <kinglongmee@gmail.com>2018-11-08 10:21:29 +0800
committersoumya k <skoduri@redhat.com>2018-11-08 15:12:22 +0000
commit6d4cd8ce6c0d88d331ffed97c51d3061a3900561 (patch)
tree28f4ff5abe58cbc9240d122414063e753f815d6c
parentbdb4ca184913c82ccf9552298f5d5b597794f2aa (diff)
gfapi: fix bad dict setting of lease-id
lease_id is a 16 bits opaque data, copying it by gf_strdup is wrong. Invalid read of size 2 at 0x483FA2F: memmove (vg_replace_strmem.c:1270) by 0xE2EF6FB: ??? (in /usr/lib64/libtirpc.so.3.0.0) by 0xE2EE047: xdr_opaque (in /usr/lib64/libtirpc.so.3.0.0) by 0x107A97DC: xdr_gfx_value (glusterfs4-xdr.c:207) by 0x107A98C0: xdr_gfx_dict_pair (glusterfs4-xdr.c:321) by 0xE2EF35E: xdr_array (in /usr/lib64/libtirpc.so.3.0.0) by 0x107A9A89: xdr_gfx_dict (glusterfs4-xdr.c:335) by 0x107AA97B: xdr_gfx_write_req (glusterfs4-xdr.c:897) by 0x107A181E: xdr_serialize_generic (xdr-generic.c:25) by 0x231044A2: client_submit_request (client.c:205) by 0x2314D3C1: client4_0_writev (client-rpc-fops_v2.c:3863) by 0x230FD5FA: client_writev (client.c:956) Address 0xad659e18 is 72 bytes inside a block of size 73 alloc'd at 0x483880B: malloc (vg_replace_malloc.c:299) by 0x106BA7EC: __gf_malloc (mem-pool.c:136) by 0x1064521E: gf_strndup (mem-pool.h:166) by 0x1064521E: gf_strdup (mem-pool.h:183) by 0x1064521E: get_fop_attr_thrd_key (glfs.c:627) by 0x1064D8E9: glfs_pwritev@@GFAPI_3.4.0 (glfs-fops.c:1154) by 0x10610C0C: glusterfs_write2 (handle.c:2092) by 0x54D30C: mdcache_write2 (mdcache_file.c:647) by 0x48A3FC: nfs4_write (nfs4_op_write.c:459) by 0x48A44D: nfs4_op_write (nfs4_op_write.c:487) by 0x4634F5: nfs4_Compound (nfs4_Compound.c:947) by 0x460155: nfs_rpc_process_request (nfs_worker_thread.c:1329) by 0x4608A3: nfs_rpc_valid_NFS (nfs_worker_thread.c:1539) by 0x488F12F: svc_vc_decode (svc_vc.c:825) Updates bz#1647651 Change-Id: Ib9fff55c897bc43c15036a869888e763df133757 Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
-rw-r--r--api/src/glfs.c26
1 files changed, 16 insertions, 10 deletions
diff --git a/api/src/glfs.c b/api/src/glfs.c
index 2365fac13f9..4c951d7b6f1 100644
--- a/api/src/glfs.c
+++ b/api/src/glfs.c
@@ -583,7 +583,7 @@ get_fop_attr_glfd(dict_t **fop_attr, struct glfs_fd *glfd)
dict_create = _gf_true;
}
GF_CHECK_ALLOC_AND_LOG("gfapi", *fop_attr, ret, "dict_new failed", out);
- ret = dict_set_static_bin(*fop_attr, "lease-id", leaseid, LEASE_ID_SIZE);
+ ret = dict_set_bin(*fop_attr, "lease-id", leaseid, LEASE_ID_SIZE);
out:
if (ret) {
GF_FREE(leaseid);
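Review bot: Switching to `dict_set_bin` makes the dict the owner of `leaseid`, but nothing at the call records when that hand-off happens, and the `GF_FREE(leaseid)` under `out:` is only safe if a failed `dict_set_bin` neither frees nor retains the buffer. That contract is not visible in this hunk, so it should be confirmed against `dict_set_bin` and written down above the call, for example `/* dict owns leaseid on success; on failure it is still ours and is freed at out: */`. If a failing set ever released or kept the pointer, this path would turn into a double free or a dangling value in a dict that is later serialised onto the wire. The same applies to the new `GF_FREE(leaseid)` in get_fop_attr_thrd_key in the next hunk. The body of get_fop_attr_glfd starts and ends outside this hunk.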
@@ -613,26 +613,32 @@ set_fop_attr_glfd(struct glfs_fd *glfd)
int
get_fop_attr_thrd_key(dict_t **fop_attr)
{
- char *lease_id = NULL;
+ char *existing_leaseid = NULL, *leaseid = NULL;
int ret = 0;
gf_boolean_t dict_create = _gf_false;
- lease_id = gf_existing_leaseid();
- if (lease_id) {
+ existing_leaseid = gf_existing_leaseid();
+ if (existing_leaseid) {
+ leaseid = GF_MALLOC(LEASE_ID_SIZE, gf_common_mt_char);
+ GF_CHECK_ALLOC_AND_LOG("gfapi", leaseid, ret, "lease id alloc failed",
+ out);
+ memcpy(leaseid, existing_leaseid, LEASE_ID_SIZE);
if (*fop_attr == NULL) {
*fop_attr = dict_new();
dict_create = _gf_true;
}
GF_CHECK_ALLOC_AND_LOG("gfapi", *fop_attr, ret, "dict_new failed", out);
- ret = dict_set_bin(*fop_attr, "lease-id", gf_strdup(lease_id),
- LEASE_ID_SIZE);
+ ret = dict_set_bin(*fop_attr, "lease-id", leaseid, LEASE_ID_SIZE);
}
out:
- if (ret && dict_create) {
- if (*fop_attr)
- dict_unref(*fop_attr);
- *fop_attr = NULL;
+ if (ret) {
+ GF_FREE(leaseid);
+ if (dict_create) {
+ if (*fop_attr)
+ dict_unref(*fop_attr);
+ *fop_attr = NULL;
+ }
}
return ret;
}
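Review bot: The new `memcpy(leaseid, existing_leaseid, LEASE_ID_SIZE)` reads a fixed LEASE_ID_SIZE bytes from whatever `gf_existing_leaseid()` returns, and nothing in this hunk shows that the returned buffer is always at least that long. If it is shorter, the over-read reported in the commit message simply moves from the XDR encoder to this copy. A comment above the copy would pin the assumption, for example `/* lease id is opaque binary of exactly LEASE_ID_SIZE bytes, never a C string; gf_existing_leaseid() must return a buffer of at least that size */`. Both pointers stay typed `char *`, which presumably is what invited `gf_strdup` in the first place, so the comment should say plainly that string helpers must not be used on them.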