summaryrefslogtreecommitdiffstats
path: root/xlators/mgmt/glusterd/src/glusterd-store.c
diff options
context:
space:
mode:
authorJim Meyering <meyering@redhat.com>2012-06-19 11:41:19 +0200
committerAnand Avati <avati@redhat.com>2012-07-11 19:13:31 -0700
commit57e72677ac1123b583be8daec2287efac87362df (patch)
tree610004e098233740386a184b8e33321a50e1fb31 /xlators/mgmt/glusterd/src/glusterd-store.c
parentfa946a8448dd3916c3fb31c9ba6cf195f98fc58c (diff)
glusterd: avoid buffer overrun for over-long volname
[in glusterd_store_is_valid_brickpath] When strlen(volname) is no smaller than sizeof(volinfo->volname), volinfo->volname would end up not being NUL-terminated. Then, a use of that buffer that expects it to be NUL-terminated (i.e., glusterd_store_brickinfopath_set's GLUSTERD_GET_BRICK_DIR) will access beyond the end of the buffer. Instead, diagnose the too-long volume name and fail. Change-Id: I655d8638547bf342d33280c14ff1edacc3cdeb5a BUG: 789278 Signed-off-by: Jim Meyering <meyering@redhat.com> Reviewed-on: http://review.gluster.com/3591 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com>
Diffstat (limited to 'xlators/mgmt/glusterd/src/glusterd-store.c')
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-store.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-store.c b/xlators/mgmt/glusterd/src/glusterd-store.c
index b9177b3c089..a70256c398f 100644
--- a/xlators/mgmt/glusterd/src/glusterd-store.c
+++ b/xlators/mgmt/glusterd/src/glusterd-store.c
@@ -232,6 +232,7 @@ glusterd_store_is_valid_brickpath (char *volname, char *brick)
glusterd_brickinfo_t *brickinfo = NULL;
glusterd_volinfo_t *volinfo = NULL;
int32_t ret = 0;
+ size_t volname_len = strlen (volname);
ret = glusterd_brickinfo_from_brick (brick, &brickinfo);
if (ret) {
@@ -245,7 +246,12 @@ glusterd_store_is_valid_brickpath (char *volname, char *brick)
ret = 0;
goto out;
}
- strncpy (volinfo->volname, volname, sizeof (volinfo->volname));
+ if (volname_len >= sizeof (volinfo->volname)) {
+ gf_log ("", GF_LOG_WARNING, "volume name too long");
+ ret = 0;
+ goto out;
+ }
+ memcpy (volinfo->volname, volname, volname_len+1);
glusterd_store_brickinfopath_set (volinfo, brickinfo, brickpath,
sizeof (brickpath));