diff options
| author | shishir gowda <shishirng@gluster.com> | 2010-08-05 01:58:46 +0000 | 
|---|---|---|
| committer | Anand V. Avati <avati@dev.gluster.com> | 2010-08-06 03:37:24 -0700 | 
| commit | d8a94293b142f963ad255e4fe9c2d1fafe3caeb6 (patch) | |
| tree | c707f7c1038255dc1a203ef2790da037528f0fd1 /xlators/protocol/legacy/server/src/server-protocol.c | |
| parent | b04d963e91f8b3c72343e1043d6ed8c68699c4fe (diff) | |
Fix for seg fault in dict_unserialize if undersized buffers are passed
Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>
BUG: 1031 (dict_unserialize crash if undersized buffers passed)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1031
Diffstat (limited to 'xlators/protocol/legacy/server/src/server-protocol.c')
| -rw-r--r-- | xlators/protocol/legacy/server/src/server-protocol.c | 22 | 
1 files changed, 20 insertions, 2 deletions
| diff --git a/xlators/protocol/legacy/server/src/server-protocol.c b/xlators/protocol/legacy/server/src/server-protocol.c index e6c668d1567..5193e54b1f5 100644 --- a/xlators/protocol/legacy/server/src/server-protocol.c +++ b/xlators/protocol/legacy/server/src/server-protocol.c @@ -5888,6 +5888,7 @@ static call_frame_t *  get_frame_for_call (transport_t *trans, gf_hdr_common_t *hdr)  {          call_frame_t *frame = NULL; +        int32_t      ret = -1;          frame = get_frame_for_transport (trans); @@ -5899,7 +5900,12 @@ get_frame_for_call (transport_t *trans, gf_hdr_common_t *hdr)          frame->root->gid         = ntoh32 (hdr->req.gid);          frame->root->pid         = ntoh32 (hdr->req.pid);          frame->root->lk_owner    = ntoh64 (hdr->req.lk_owner); -        server_decode_groups (frame, hdr); +        ret = server_decode_groups (frame, hdr); + +        if (ret) { +                //FRAME_DESTROY (frame); +                return NULL; +        }          return frame;  } @@ -6021,6 +6027,10 @@ protocol_server_interpret (xlator_t *this, transport_t *trans,                          break;                  }                  frame = get_frame_for_call (trans, hdr); +                if (!frame) { +                        ret = -1; +                        goto out; +                }  		frame->op = op;                  ret = gf_fops[op] (frame, bound_xl, hdr, hdrlen, iobuf);                  break; @@ -6033,6 +6043,10 @@ protocol_server_interpret (xlator_t *this, transport_t *trans,                          break;                  }                  frame = get_frame_for_call (trans, hdr); +                if (!frame) { +                        ret = -1; +                        goto out; +                }  		frame->op = op;                  ret = gf_mops[op] (frame, bound_xl, hdr, hdrlen, iobuf);                  break; @@ -6051,13 +6065,17 @@ protocol_server_interpret (xlator_t *this, transport_t *trans,                  }                  frame = get_frame_for_call (trans, hdr); +                if (!frame) { +                        ret = -1; +                        goto out; +                }                  ret = gf_cbks[op] (frame, bound_xl, hdr, hdrlen, iobuf);                  break;          default:                  break;          } - +out:          return ret;  } | 
