author | Anand Avati <avati@redhat.com> | 2013-08-26 21:58:26 -0700 |
---|---|---|
committer | Anand Avati <avati@redhat.com> | 2013-09-09 17:16:41 -0700 |
commit | 6e9dbdd6e16cca1e32e7c7e00b2618a837f1c18a (patch) | |
tree | adbcb69fb756f924e3f61680bcab40040cfb22af /xlators/nfs/server/src | |
parent | 7ad7c0171cb8341ac8293c6b01313e2eac8bab07 (diff) |
nfs: prevent NFS server crash when upgrading from 3.2.x server
After an upgrade the NFS3 filehandle size changed (became smaller),
but when doing a live upgrade the client would send the old handle
(expect ESTALE and do fresh lookup). But when reading the old
handle we were reading it into a structure which was limited to the
size of the new handle, while we should have been reading into a
buffer which is as big as the NFS3 spec permits the handle size to
be. The actor functions declare the structure on the stack. So the
overflow is resulting in a stack corruption.
Change-Id: Ie930875ac9db46b43d1cb8ad1e6d89cdaeded7ca
BUG: 1002385
Signed-off-by: Anand Avati <avati@redhat.com>
Reviewed-on: http://review.gluster.org/5730
Reviewed-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-on: http://review.gluster.org/5804
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Diffstat (limited to 'xlators/nfs/server/src')
-rw-r--r-- | xlators/nfs/server/src/nfs3-fh.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/xlators/nfs/server/src/nfs3-fh.h b/xlators/nfs/server/src/nfs3-fh.h index a9002afe724..be226f45acb 100644 --- a/xlators/nfs/server/src/nfs3-fh.h +++ b/xlators/nfs/server/src/nfs3-fh.h @@ -63,6 +63,11 @@ struct nfs3_fh { /* File/dir gfid. */ uuid_t gfid; + /* This structure must be exactly NFS3_FHSIZE (64) bytes long. + Having the structure shorter results in buffer overflows + during XDR decoding. + */ + unsigned char padding[NFS3_FHSIZE - GF_NFSFH_STATIC_SIZE]; } __attribute__((__packed__)); #define GF_NFS3FH_STATIC_INITIALIZER {{0},} |
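Review bot: Nothing in this hunk enforces the invariant the new comment states, that struct nfs3_fh is exactly NFS3_FHSIZE (64) bytes. The padding length is derived from the hand-maintained constant in `unsigned char padding[NFS3_FHSIZE - GF_NFSFH_STATIC_SIZE];`, so if a field is later added or resized without updating GF_NFSFH_STATIC_SIZE, the struct silently stops being 64 bytes. If it ends up shorter, the XDR-decoding overflow described in the comment comes back. Please add a compile-time check next to the definition that sizeof (struct nfs3_fh) equals NFS3_FHSIZE, so a mismatch fails the build instead of corrupting the stack at run time. It would also help for the comment to say that GF_NFSFH_STATIC_SIZE must be kept in sync with the fields above the padding, since the array size depends on it.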