diff options
| author | Krutika Dhananjay <kdhananj@redhat.com> | 2012-11-28 22:29:36 +0530 |
|---|---|---|
| committer | Anand Avati <avati@redhat.com> | 2012-12-19 13:18:58 -0800 |
| commit | da7ca1efcf3a621c27f05d621715e57fdc5aa397 (patch) | |
| tree | 59d2ae86837f00d68a1348604ba5a9a2c70b9221 /xlators | |
| parent | 6b0d888e0729e7f7922d9b0a76dc27bae724e812 (diff) | |
protocol/server: Do not access key after GF_FREE in _delete_auth_opt()
PROBLEMS:
1.'key' becomes a dangling pointer after the first call to dict_del()
returns, in _delete_auth_opt(). Therefore, the second call to
fnmatch() is made with 'key' pointing to deallocated space.
2. Also, the name _delete_auth_opt seems to suggest that the function
is intended to match and delete "auth" options from the dictionary.
But it winds up deleting all the options irrespective of whether
the pattern match was successful or not. The same is true with
_copy_auth_opt().
FIX:
Changed _delete_auth_opt() to delete the key ONLY if it matches either
of the two patterns (auth.addr.*.allow and auth.addr.*.reject).
Similarly, changed _copy_auth_opt() along the same lines.
Change-Id: Ic8664e5a0a29cefe43cb59a27e32fbdbeac154b5
BUG: 881062
Signed-off-by: Krutika Dhananjay <kdhananj@redhat.com>
Reviewed-on: http://review.gluster.org/4337
Reviewed-by: Pranith Kumar Karampuri <pkarampu@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
Diffstat (limited to 'xlators')
| -rw-r--r-- | xlators/protocol/server/src/server.c | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/xlators/protocol/server/src/server.c b/xlators/protocol/server/src/server.c index 908f62a7b84..19f09a82f2f 100644 --- a/xlators/protocol/server/src/server.c +++ b/xlators/protocol/server/src/server.c @@ -839,13 +839,16 @@ static int _delete_auth_opt (dict_t *this, char *key, data_t *value, void *data) { char *auth_option_pattern[] = { "auth.addr.*.allow", - "auth.addr.*.reject"}; + "auth.addr.*.reject", + NULL}; + int i = 0; - if (fnmatch ( auth_option_pattern[0], key, 0) != 0) - dict_del (this, key); - - if (fnmatch ( auth_option_pattern[1], key, 0) != 0) - dict_del (this, key); + for (i = 0; auth_option_pattern[i]; i++) { + if (fnmatch (auth_option_pattern[i], key, 0) == 0) { + dict_del (this, key); + break; + } + } return 0; } @@ -855,12 +858,16 @@ static int _copy_auth_opt (dict_t *unused, char *key, data_t *value, void *xl_dict) { char *auth_option_pattern[] = { "auth.addr.*.allow", - "auth.addr.*.reject"}; - if (fnmatch ( auth_option_pattern[0], key, 0) != 0) - dict_set ((dict_t *)xl_dict, key, (value)); + "auth.addr.*.reject", + NULL}; + int i = 0; - if (fnmatch ( auth_option_pattern[1], key, 0) != 0) - dict_set ((dict_t *)xl_dict, key, (value)); + for (i = 0; auth_option_pattern [i]; i++) { + if (fnmatch (auth_option_pattern[i], key, 0) == 0) { + dict_set ((dict_t *)xl_dict, key, value); + break; + } + } return 0; } |