diff options
author | Anand Avati <avati@redhat.com> | 2013-08-26 21:58:26 -0700 |
---|---|---|
committer | Vijay Bellur <vbellur@redhat.com> | 2013-08-29 06:06:01 -0700 |
commit | 3a3441ef7665b5f55a9e2de63ea07173bf0f0db0 (patch) | |
tree | d4a84c396df2b3bc4565df1d273fa2384c2824da /xlators/nfs/server/src | |
parent | c8ccfda3a7af1552419ba4f9dfb719fbf0e3f211 (diff) |
nfs: prevent NFS server crash when upgrading from 3.2.x server
After an upgrade the NFS3 filehandle size changed (became smaller),
but when doing a live ugprade the client would send the old handle
(expect ESTALE and do fresh lookup). But when reading the old
handle we were reading it into a structure which was limited to the
size of the new handle, while we should have been reading into a
buffer which is as big as the NFS3 spec permits the handle size to
be. The actor functions declare the structure on the stack. So the
overflow is resulting in a stack corruption.
Change-Id: Ie930875ac9db46b43d1cb8ad1e6d89cdaeded7ca
BUG: 1002385
Signed-off-by: Anand Avati <avati@redhat.com>
Reviewed-on: http://review.gluster.org/5730
Reviewed-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Diffstat (limited to 'xlators/nfs/server/src')
-rw-r--r-- | xlators/nfs/server/src/nfs3-fh.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/xlators/nfs/server/src/nfs3-fh.h b/xlators/nfs/server/src/nfs3-fh.h index 23957d97780..c22f913a3a5 100644 --- a/xlators/nfs/server/src/nfs3-fh.h +++ b/xlators/nfs/server/src/nfs3-fh.h @@ -65,6 +65,11 @@ struct nfs3_fh { /* File/dir gfid. */ uuid_t gfid; + /* This structure must be exactly NFS3_FHSIZE (64) bytes long. + Having the structure shorter results in buffer overflows + during XDR decoding. + */ + unsigned char padding[NFS3_FHSIZE - GF_NFSFH_STATIC_SIZE]; } __attribute__((__packed__)); #define GF_NFS3FH_STATIC_INITIALIZER {{0},} |