authorAmar Tumballi <amarts@redhat.com>2018-11-01 07:08:29 +0530
committerShyamsundar Ranganathan <srangana@redhat.com>2018-11-08 15:47:43 +0000
commit2308c6368cc08b38021acd228f461ce45a2a15c6 (patch)
tree38c7cc3cd8eda9cfb7d888976becb6679e22862c
parentda9e2a4861558ba036787458ecc4e68b3c84f056 (diff)
glusterd-handshake: prevent a buffer overflow
As the key size in XDR can be anything, it can be larger than the 'NAME_MAX' allowed in the structure, which can allow denial-of-service attacks.

Fixes: CVE-2018-14653
Fixes: bz#1647664
Change-Id: I2dc5e99af27ddf44c12c94b07e51adb8674cce80
Signed-off-by: Amar Tumballi <amarts@redhat.com>
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-handshake.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-handshake.c b/xlators/mgmt/glusterd/src/glusterd-handshake.c
index d341b4918d2..53b500f4986 100644
--- a/xlators/mgmt/glusterd/src/glusterd-handshake.c
+++ b/xlators/mgmt/glusterd/src/glusterd-handshake.c
@@ -913,6 +913,13 @@ __server_getspec(rpcsvc_request_t *req)
volume = args.key;
+ if (strlen(volume) >= (NAME_MAX)) {
+ op_errno = EINVAL;
+ gf_msg(this->name, GF_LOG_ERROR, EINVAL, GD_MSG_NAME_TOO_LONG,
+ "volume name too long (%s)", volume);
+ goto fail;
+ }
+
/* Need to strip leading '/' from volnames. This was introduced to
* support nfs style mount parameters for native gluster mount
*/
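Review bot: The rejection path logs the whole oversized key with `"volume name too long (%s)", volume`, so the request this check is meant to stop still gets an arbitrarily long, peer-controlled string written to the glusterd log at ERROR level. Log the length instead, e.g. `"volume name too long (%zu bytes, limit %d)", strlen(volume), NAME_MAX - 1`, or bound the echo with a precision such as `%.64s` (assuming gf_msg takes printf-style formats, as the existing call suggests). The buffer that NAME_MAX protects is filled outside this hunk, so whether `>= NAME_MAX` matches its declared size cannot be confirmed from here; __server_getspec starts and ends outside the hunk.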