From 539c3027d47959eb37e280807b731d3e37e8ac33 Mon Sep 17 00:00:00 2001
From: Xavi Hernandez
Date: Tue, 5 Feb 2019 16:57:52 +0100
Subject: fuse: correctly handle setxattr values
The setxattr function receives a pointer to raw data, which may not be null-terminated. When this data needs to be interpreted as a string, an explicit null termination needs to be added before using the value.
Change-Id: Id110f9b215b22786da5782adec9449ce38d0d563
updates: bz#1193929
Signed-off-by: Xavi Hernandez
---
 libglusterfs/src/glusterfs/xlator.h | 2 +-
 libglusterfs/src/xlator.c | 28 +++++++++++++++++++++++++---
 xlators/mount/fuse/src/fuse-bridge.c | 20 ++++++++++++++++----
 3 files changed, 42 insertions(+), 8 deletions(-)
diff --git a/libglusterfs/src/glusterfs/xlator.h b/libglusterfs/src/glusterfs/xlator.h
index 7002657d0bc..acd8be0913a 100644
--- a/libglusterfs/src/glusterfs/xlator.h
+++ b/libglusterfs/src/glusterfs/xlator.h
@@ -1036,7 +1036,7 @@ loc_is_nameless(loc_t *loc);
 int
 xlator_mem_acct_init(xlator_t *xl, int num_types);
 int
-is_gf_log_command(xlator_t *trans, const char *name, char *value);
+is_gf_log_command(xlator_t *trans, const char *name, char *value, size_t size);
 int
 glusterd_check_log_level(const char *value);
 int
diff --git a/libglusterfs/src/xlator.c b/libglusterfs/src/xlator.c
index dc1e88770fb..9bdbc569ab4 100644
--- a/libglusterfs/src/xlator.c
+++ b/libglusterfs/src/xlator.c
@@ -1271,8 +1271,21 @@ xlator_destroy(xlator_t *xl)
 return 0;
 }
+static int32_t
+gf_bin_to_string(char *dst, size_t size, void *src, size_t len)
+{
+ if (len >= size) {
+ return EINVAL;
+ }
+
+ memcpy(dst, src, len);
+ dst[len] = 0;
+
+ return 0;
+}
+
 int
-is_gf_log_command(xlator_t *this, const char *name, char *value)
+is_gf_log_command(xlator_t *this, const char *name, char *value, size_t size)
 {
 xlator_t *trav = NULL;
 char key[1024] = {
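Review bot: `gf_bin_to_string` in the xlator.c hunk is added without a comment stating its contract, and its `src` parameter is not const-qualified although the function only reads from it. I would declare it as `gf_bin_to_string(char *dst, size_t size, const void *src, size_t len)` and put `/* Copy len raw bytes from src into dst (capacity size) and NUL-terminate; returns EINVAL if len + 1 does not fit. */` above it. The comment should also say that any bytes after an embedded NUL in `src` are ignored by the string parsers that consume `dst`, since the commit message describes the input as raw xattr data. The body of is_gf_log_command continues past the end of this hunk.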
@@ -1284,7 +1297,11 @@ is_gf_log_command(xlator_t *this, const char *name, char *value) glusterfs_ctx_t *ctx = NULL; if (!strcmp("trusted.glusterfs.syslog", name)) { - ret = gf_string2boolean(value, &syslog_flag); + ret = gf_bin_to_string(key, sizeof(key), value, size); + if (ret != 0) { + goto out; + } + ret = gf_string2boolean(key, &syslog_flag); if (ret) { ret = EOPNOTSUPP; goto out; @@ -1300,7 +1317,12 @@ is_gf_log_command(xlator_t *this, const char *name, char *value) if (fnmatch("trusted.glusterfs*set-log-level", name, FNM_NOESCAPE)) goto out; - log_level = glusterd_check_log_level(value); + ret = gf_bin_to_string(key, sizeof(key), value, size); + if (ret != 0) { + goto out; + } + + log_level = glusterd_check_log_level(key); if (log_level == -1) { ret = EOPNOTSUPP; goto out; diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c index c3945d7a13c..3479d40ceeb 100644 --- a/xlators/mount/fuse/src/fuse-bridge.c +++ b/xlators/mount/fuse/src/fuse-bridge.c @@ -3989,7 +3989,7 @@ fuse_setxattr(xlator_t *this, fuse_in_header_t *finh, void *msg, /* Check if the command is for changing the log level of process or specific xlator */ - ret = is_gf_log_command(this, name, value); + ret = is_gf_log_command(this, name, value, fsi->size); if (ret >= 0) { op_errno = ret; goto done; 
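Review bot: Both new `gf_bin_to_string` calls in is_gf_log_command (this hunk and the one at -1300) copy the xattr value into `key`, a 1024-byte buffer whose declaration predates this change and so appears to exist for another purpose. That ties the accepted value length to the size of `key` and leaves the value text in `key` for whatever code uses the buffer afterwards, which is outside these hunks. A dedicated local such as `char value_str[1024] = {0};` passed as `gf_bin_to_string(value_str, sizeof(value_str), value, size)` would keep the two uses apart. If reusing `key` is intentional, a comment at the first call such as `/* key is free at this point; used as scratch space for the NUL-terminated value */` would make that explicit.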
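Review bot: `fsi->size` is handed to is_gf_log_command as the length of `value` with no check visible in this hunk that the value really lies inside the received request, so `gf_bin_to_string` may copy up to 1023 bytes from `value` on the strength of the header field alone. If fuse_setxattr does not already compare the name and value lengths against `finh->len` before this point, that check belongs ahead of this call. Failing that, a comment such as `/* fsi->size is taken from the FUSE request header; value must hold at least that many bytes */` would record the assumption. The function starts and ends outside the hunk, so an earlier check may exist.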
@@ -4034,11 +4034,23 @@ fuse_setxattr(xlator_t *this, fuse_in_header_t *finh, void *msg,
 * fixups to make sure that's the case. To avoid nasty
 * surprises, allocate an extra byte and add a NUL here.
 */
- dict_value = memdup(value, fsi->size + 1);
+ dict_value = GF_MALLOC(fsi->size + 1, gf_common_mt_char);
+ if (dict_value == NULL) {
+ gf_log("glusterfs-fuse", GF_LOG_ERROR,
+ "%" PRIu64 ": SETXATTR value allocation failed",
+ finh->unique);
+ op_errno = ENOMEM;
+ goto done;
+ }
+ memcpy(dict_value, value, fsi->size);
 dict_value[fsi->size] = '\0';
 }
- dict_set(state->xattr, newkey,
- data_from_dynptr((void *)dict_value, fsi->size));
+ ret = dict_set_dynptr(state->xattr, newkey, dict_value, fsi->size);
+ if (ret < 0) {
+ op_errno = -ret;
+ GF_FREE(dict_value);
+ goto done;
+ }
 state->flags = fsi->flags;
 state->name = newkey;
-- cgit
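Review bot: `fsi->size + 1` in the `GF_MALLOC` call is evaluated in the width of `fsi->size`, so if that field is a 32-bit unsigned integer, a size of UINT32_MAX wraps the allocation to 0 bytes while the following `memcpy` and `dict_value[fsi->size] = '\0'` still use the full size. Writing `GF_MALLOC((size_t)fsi->size + 1, gf_common_mt_char)` and rejecting sizes above the supported xattr value limit before allocating would close that on 64-bit builds and bound it elsewhere. Separately, both new `goto done` paths leave without touching `newkey`; if `newkey` was heap-allocated earlier in fuse_setxattr and `done` does not release it, it leaks on these paths. The function body extends beyond this hunk on both sides, so neither point can be confirmed from the visible lines alone.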