glusterd-handshake: prevent a buffer overflow

as key size in xdr can be anything, it can be bigger than the 'NAME_MAX' allowed in the structure, which can allow for service denial attacks. Fixes: CVE-2018-14653 Fixes: bz#1647670 Change-Id: I2dc5e99af27ddf44c12c94b07e51adb8674cce80 Signed-off-by: Amar Tumballi <amarts@redhat.com>
author: Amar Tumballi <amarts@redhat.com> 2018-11-01 07:08:29 +0530
committer: Shyamsundar Ranganathan <srangana@redhat.com> 2018-11-09 18:44:53 +0000
commit: 6abe44670172f2031440b9c37923c07b712694e8 (patch)
tree: c791ea71fe689150875559f41e37f5722eb28bf4 /xlators
parent: f0b5816f775ee75d42946694f031e70616a98cd9 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-handshake.c b/xlators/mgmt/glusterd/src/glusterd-handshake.c
index 7cc5e98814f..f8104871451 100644
--- a/xlators/mgmt/glusterd/src/glusterd-handshake.c
+++ b/xlators/mgmt/glusterd/src/glusterd-handshake.c
@@ -906,6 +906,13 @@ __server_getspec (rpcsvc_request_t *req)
 
         volume = args.key;
 
+    if (strlen(volume) >= (NAME_MAX)) {
+        op_errno = EINVAL;
+        gf_msg(this->name, GF_LOG_ERROR, EINVAL, GD_MSG_NAME_TOO_LONG,
+               "volume name too long (%s)", volume);
+        goto fail;
+    }
+
         /* Need to strip leading '/' from volnames. This was introduced to
          * support nfs style mount parameters for native gluster mount
          */
author	Amar Tumballi <amarts@redhat.com>	2018-11-01 07:08:29 +0530
committer	Shyamsundar Ranganathan <srangana@redhat.com>	2018-11-09 18:44:53 +0000
commit	6abe44670172f2031440b9c37923c07b712694e8 (patch)
tree	c791ea71fe689150875559f41e37f5722eb28bf4 /xlators
parent	f0b5816f775ee75d42946694f031e70616a98cd9 (diff)