From f56b94d85ae5063ba9eb97c6ed07fc869f0e4b53 Mon Sep 17 00:00:00 2001 From: Susant Palai Date: Thu, 4 Jun 2015 22:37:11 +0530 Subject: glusterd: Buffer overflow causing crash for glusterd Backport of http://review.gluster.org/11090 Problem: In GLUSTERD_GET_DEFRAG_PROCESS we are using PATH_MAX (4096) as the max size of the input for target path, but we have allocated NAME_MAX (255) size of buffer for the target. Now this crash is not seen with source, but seen with RPMS. The reason is _foritfy_fail. This check happens when _FORTIFY_SOURCE is enabled. This option tries to figure out possible overflow scenarios like the bug here and does crash the process. BUG: 1227677 Change-Id: I50cf83cb60c640e46cc7a1a8d3a8321b9147fba9 Signed-off-by: Susant Palai Reviewed-on: http://review.gluster.org/11091 Reviewed-by: Atin Mukherjee Tested-by: Gluster Build System Tested-by: NetBSD Build System --- xlators/mgmt/glusterd/src/glusterd.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xlators/mgmt/glusterd/src/glusterd.h b/xlators/mgmt/glusterd/src/glusterd.h index 5defc447426..59234bc32bc 100644 --- a/xlators/mgmt/glusterd/src/glusterd.h +++ b/xlators/mgmt/glusterd/src/glusterd.h @@ -602,9 +602,9 @@ typedef ssize_t (*gd_serialize_t) (struct iovec outmsg, void *args); #define GLUSTERD_GET_DEFRAG_PROCESS(path, volinfo) do { \ if (volinfo->rebal.defrag_cmd == GF_DEFRAG_CMD_START_TIER) \ - snprintf (path, PATH_MAX, "tier"); \ + snprintf (path, NAME_MAX, "tier"); \ else \ - snprintf (path, PATH_MAX, "rebalance"); \ + snprintf (path, NAME_MAX, "rebalance"); \ } while (0) #define GLUSTERD_GET_DEFRAG_DIR(path, volinfo, priv) do { \ -- cgit