diff options
author | Xavi Hernandez <xhernandez@redhat.com> | 2019-02-05 16:57:52 +0100 |
---|---|---|
committer | Amar Tumballi <amarts@redhat.com> | 2019-02-07 10:56:33 +0000 |
commit | 539c3027d47959eb37e280807b731d3e37e8ac33 (patch) | |
tree | b06ff2583a50665f62868e01fb38d42304d1a66c | |
parent | 208c368cc7e6f8124bf65ecefdbc5f4304b4f484 (diff) |
fuse: correctly handle setxattr values
The setxattr function receives a pointer to raw data, which may not be
null-terminated. When this data needs to be interpreted as a string, an
explicit null termination needs to be added before using the value.
Change-Id: Id110f9b215b22786da5782adec9449ce38d0d563
updates: bz#1193929
Signed-off-by: Xavi Hernandez <xhernandez@redhat.com>
-rw-r--r-- | libglusterfs/src/glusterfs/xlator.h | 2 | ||||
-rw-r--r-- | libglusterfs/src/xlator.c | 28 | ||||
-rw-r--r-- | xlators/mount/fuse/src/fuse-bridge.c | 20 |
3 files changed, 42 insertions, 8 deletions
diff --git a/libglusterfs/src/glusterfs/xlator.h b/libglusterfs/src/glusterfs/xlator.h index 7002657d0bc..acd8be0913a 100644 --- a/libglusterfs/src/glusterfs/xlator.h +++ b/libglusterfs/src/glusterfs/xlator.h @@ -1036,7 +1036,7 @@ loc_is_nameless(loc_t *loc); int xlator_mem_acct_init(xlator_t *xl, int num_types); int -is_gf_log_command(xlator_t *trans, const char *name, char *value); +is_gf_log_command(xlator_t *trans, const char *name, char *value, size_t size); int glusterd_check_log_level(const char *value); int diff --git a/libglusterfs/src/xlator.c b/libglusterfs/src/xlator.c index dc1e88770fb..9bdbc569ab4 100644 --- a/libglusterfs/src/xlator.c +++ b/libglusterfs/src/xlator.c @@ -1271,8 +1271,21 @@ xlator_destroy(xlator_t *xl) return 0; } +static int32_t +gf_bin_to_string(char *dst, size_t size, void *src, size_t len) +{ + if (len >= size) { + return EINVAL; + } + + memcpy(dst, src, len); + dst[len] = 0; + + return 0; +} + int -is_gf_log_command(xlator_t *this, const char *name, char *value) +is_gf_log_command(xlator_t *this, const char *name, char *value, size_t size) { xlator_t *trav = NULL; char key[1024] = { @@ -1284,7 +1297,11 @@ is_gf_log_command(xlator_t *this, const char *name, char *value) glusterfs_ctx_t *ctx = NULL; if (!strcmp("trusted.glusterfs.syslog", name)) { - ret = gf_string2boolean(value, &syslog_flag); + ret = gf_bin_to_string(key, sizeof(key), value, size); + if (ret != 0) { + goto out; + } + ret = gf_string2boolean(key, &syslog_flag); if (ret) { ret = EOPNOTSUPP; goto out; @@ -1300,7 +1317,12 @@ is_gf_log_command(xlator_t *this, const char *name, char *value) if (fnmatch("trusted.glusterfs*set-log-level", name, FNM_NOESCAPE)) goto out; - log_level = glusterd_check_log_level(value); + ret = gf_bin_to_string(key, sizeof(key), value, size); + if (ret != 0) { + goto out; + } + + log_level = glusterd_check_log_level(key); if (log_level == -1) { ret = EOPNOTSUPP; goto out; diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c index c3945d7a13c..3479d40ceeb 100644 --- a/xlators/mount/fuse/src/fuse-bridge.c +++ b/xlators/mount/fuse/src/fuse-bridge.c @@ -3989,7 +3989,7 @@ fuse_setxattr(xlator_t *this, fuse_in_header_t *finh, void *msg, /* Check if the command is for changing the log level of process or specific xlator */ - ret = is_gf_log_command(this, name, value); + ret = is_gf_log_command(this, name, value, fsi->size); if (ret >= 0) { op_errno = ret; goto done; @@ -4034,11 +4034,23 @@ fuse_setxattr(xlator_t *this, fuse_in_header_t *finh, void *msg, * fixups to make sure that's the case. To avoid nasty * surprises, allocate an extra byte and add a NUL here. */ - dict_value = memdup(value, fsi->size + 1); + dict_value = GF_MALLOC(fsi->size + 1, gf_common_mt_char); + if (dict_value == NULL) { + gf_log("glusterfs-fuse", GF_LOG_ERROR, + "%" PRIu64 ": SETXATTR value allocation failed", + finh->unique); + op_errno = ENOMEM; + goto done; + } + memcpy(dict_value, value, fsi->size); dict_value[fsi->size] = '\0'; } - dict_set(state->xattr, newkey, - data_from_dynptr((void *)dict_value, fsi->size)); + ret = dict_set_dynptr(state->xattr, newkey, dict_value, fsi->size); + if (ret < 0) { + op_errno = -ret; + GF_FREE(dict_value); + goto done; + } state->flags = fsi->flags; state->name = newkey; |