diff options
author | Emmanuel Dreyfus <manu@netbsd.org> | 2015-04-27 06:32:40 +0200 |
---|---|---|
committer | Vijay Bellur <vbellur@redhat.com> | 2015-04-27 05:32:50 -0700 |
commit | 464d0d15328bd54173b367953ba9ee58d697afe5 (patch) | |
tree | 3593026f6ca2d7437155d74413623489f3f85be7 | |
parent | 472d5c67013913ca8646f32ece214a767a955ef9 (diff) |
tier: fix off-by-one overrun in UUID string
UUID strings are UUID_CANONICAL_FORM_LEN (36) bytes long
plus the trailing nul character that various function (e.g.:
uuid_unparse) will add. As a consequence, UUID strings must
be declared as UUID_CANONICAL_FORM_LEN+1 long, otherwise
we get a off-by-one overrun that corrupts the next variable
on stack.
BUG: 1129939
Change-Id: I5837ad6ca06fa17cc7ab143eedd02d8099ecca2a
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/10394
Tested-by: NetBSD Build System
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
-rw-r--r-- | xlators/cluster/dht/src/tier.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/xlators/cluster/dht/src/tier.c b/xlators/cluster/dht/src/tier.c index cbe91c362c8..8180d77787d 100644 --- a/xlators/cluster/dht/src/tier.c +++ b/xlators/cluster/dht/src/tier.c @@ -389,7 +389,7 @@ static int tier_gf_query_callback (gfdb_query_record_t *gfdb_query_record, void *_args) { int ret = -1; - char gfid_str[UUID_CANONICAL_FORM_LEN] = ""; + char gfid_str[UUID_CANONICAL_FORM_LEN+1] = ""; query_cbk_args_t *query_cbk_args = _args; GF_VALIDATE_OR_GOTO ("tier", query_cbk_args, out); |