summaryrefslogtreecommitdiffstats
path: root/xlators
diff options
context:
space:
mode:
authorNiels de Vos <ndevos@redhat.com>2014-12-14 21:33:17 +0100
committerVenky Shankar <vshankar@redhat.com>2015-03-04 04:43:44 -0800
commit80ebd3a25ae7dcfcaebec58d7a80b919e2eed5ee (patch)
treeba621c6f367955b3ef1a319cbad27f2d043b1437 /xlators
parentf8b1bedd9de38d3d3be0b05c1bf5231f979a2cf1 (diff)
changelog: Unchecked buffer fill in gf_history_changelog_next_change
A gf_history_changelog_next_change() calls gf_readline() to fill a buffer without checking buffer size. The size of maxlen is not verified to be less than the lenght of buffer. This could result in the over filling of buffer of maxlen is greater than PATH_MAX. Check the size of maxlen to be less than PATH_MAX and return a fail code as needed. BUG: 1174017 Change-Id: Ic53b1a6e25af69a339bc15fb2d233dc1e457910f Reported-by: Keith Schincke <kschinck@redhat.com> Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/9275 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Venky Shankar <vshankar@redhat.com> Tested-by: Venky Shankar <vshankar@redhat.com>
Diffstat (limited to 'xlators')
-rw-r--r--xlators/features/changelog/lib/src/gf-changelog.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/xlators/features/changelog/lib/src/gf-changelog.c b/xlators/features/changelog/lib/src/gf-changelog.c
index 18eeac3e1a4..fb2d9037ffb 100644
--- a/xlators/features/changelog/lib/src/gf-changelog.c
+++ b/xlators/features/changelog/lib/src/gf-changelog.c
@@ -336,6 +336,11 @@ gf_changelog_next_change (char *bufptr, size_t maxlen)
gf_changelog_t *gfc = NULL;
char buffer[PATH_MAX] = {0,};
+ if (maxlen > PATH_MAX) {
+ errno = ENAMETOOLONG;
+ goto out;
+ }
+
errno = EINVAL;
this = THIS;