diff options
author | Amar Tumballi <amarts@redhat.com> | 2018-08-28 00:01:26 +0530 |
---|---|---|
committer | Amar Tumballi <amarts@redhat.com> | 2018-08-31 01:26:06 +0000 |
commit | d3b1456c52f7dc4f21cdae2855092fda6b96af4a (patch) | |
tree | 3ccc6d7cac5c93bfcc3d67fdfd1effa853e13735 /xlators/protocol | |
parent | 6a2f83caad7ff882e3a8da5fdec4be8ceccbfdc2 (diff) |
clang-scan: fix multiple issues
* Buffer overflow issue in glusterfsd
* Null argument passed to function expecting non-null (event-epoll)
* Make sure the op_ret value is set in macro (posix)
Updates: bz#1622665
Change-Id: I32b378fc40a5e3ee800c0dfbc13335d44c9db9ac
Signed-off-by: Amar Tumballi <amarts@redhat.com>
Diffstat (limited to 'xlators/protocol')
-rw-r--r-- | xlators/protocol/server/src/server-helpers.c | 2 | ||||
-rw-r--r-- | xlators/protocol/server/src/server-rpc-fops.c | 9 | ||||
-rw-r--r-- | xlators/protocol/server/src/server-rpc-fops_v2.c | 9 | ||||
-rw-r--r-- | xlators/protocol/server/src/server.c | 2 |
4 files changed, 20 insertions, 2 deletions
diff --git a/xlators/protocol/server/src/server-helpers.c b/xlators/protocol/server/src/server-helpers.c index f6fb32ed140..ce2097765b1 100644 --- a/xlators/protocol/server/src/server-helpers.c +++ b/xlators/protocol/server/src/server-helpers.c @@ -331,7 +331,7 @@ server_connection_cleanup (xlator_t *this, client_t *client, int cd_ret = 0; int ret = 0; - GF_VALIDATE_OR_GOTO (this->name, this, out); + GF_VALIDATE_OR_GOTO ("server", this, out); GF_VALIDATE_OR_GOTO (this->name, client, out); GF_VALIDATE_OR_GOTO (this->name, flags, out); diff --git a/xlators/protocol/server/src/server-rpc-fops.c b/xlators/protocol/server/src/server-rpc-fops.c index 915e166223c..c5015befa7e 100644 --- a/xlators/protocol/server/src/server-rpc-fops.c +++ b/xlators/protocol/server/src/server-rpc-fops.c @@ -2201,6 +2201,15 @@ server_compound_cbk (call_frame_t *frame, void *cookie, xlator_t *this, STACK_ERR_XL_NAME (frame->root)); } + /* TODO: I assume a single 10MB payload is large, if not, we need to + agree to valid payload */ + if ((args_cbk->fop_length <= 0) || + ((args_cbk->fop_length > (10 * 1024 * 1024)))) { + op_ret = -1; + op_errno = EINVAL; + goto out; + } + rsp.compound_rsp_array.compound_rsp_array_val = GF_CALLOC (args_cbk->fop_length, sizeof (compound_rsp), diff --git a/xlators/protocol/server/src/server-rpc-fops_v2.c b/xlators/protocol/server/src/server-rpc-fops_v2.c index 09d404f2d86..64ca0bbf65b 100644 --- a/xlators/protocol/server/src/server-rpc-fops_v2.c +++ b/xlators/protocol/server/src/server-rpc-fops_v2.c @@ -5830,6 +5830,15 @@ server4_compound_cbk (call_frame_t *frame, void *cookie, xlator_t *this, STACK_ERR_XL_NAME (frame->root)); } + /* TODO: I assume a single 10MB payload is large, if not, we need to + agree to valid payload */ + if ((args_cbk->fop_length <= 0) || + ((args_cbk->fop_length > (10 * 1024 * 1024)))) { + op_ret = -1; + op_errno = EINVAL; + goto out; + } + rsp.compound_rsp_array.compound_rsp_array_val = GF_CALLOC (args_cbk->fop_length, sizeof (compound_rsp_v2), diff --git a/xlators/protocol/server/src/server.c b/xlators/protocol/server/src/server.c index 4cf4b4aeac1..c95a541cbc2 100644 --- a/xlators/protocol/server/src/server.c +++ b/xlators/protocol/server/src/server.c @@ -187,7 +187,7 @@ server_priv_to_dict (xlator_t *this, dict_t *dict, char *brickname) pthread_mutex_lock (&conf->mutex); { list_for_each_entry (xprt, &conf->xprt_list, list) { - if ((xprt) && (xprt->xl_private) && + if ((xprt->xl_private) && (xprt->xl_private->bound_xl) && (xprt->xl_private->bound_xl->name) && (brickname) && (!strcmp (brickname, |