From 1dd80a2e7762bc72d11a432a1ebd16be181dcb86 Mon Sep 17 00:00:00 2001
From: Santosh Kumar Pradhan <spradhan@redhat.com>
Date: Fri, 9 May 2014 15:01:19 +0530
Subject: rpcsvc: Validate RPC procedure number before fetch

While accessing the procedures of given RPC program in,
rpcsvc_get_program_vector_sizer(), It was not checking boundary
conditions which would cause buffer overflow and subsequently SEGV.

Make sure rpcsvc_actor_t arrays have numactors number of actors.

FIX:
Validate the RPC procedure number before fetching the actor.

Special Thanks to: Murray Ketchion, Grant Byers

Change-Id: I8b5abd406d47fab8fca65b3beb73cdfe8cd85b72
BUG: 1096020
Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com>
Reviewed-on: http://review.gluster.org/7726
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Anand Avati <avati@redhat.com>
---
 xlators/mgmt/glusterd/src/glusterd-handshake.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'xlators/mgmt/glusterd/src/glusterd-handshake.c')

diff --git a/xlators/mgmt/glusterd/src/glusterd-handshake.c b/xlators/mgmt/glusterd/src/glusterd-handshake.c
index dbaa972937b..2901b98d847 100644
--- a/xlators/mgmt/glusterd/src/glusterd-handshake.c
+++ b/xlators/mgmt/glusterd/src/glusterd-handshake.c
@@ -1137,7 +1137,7 @@ server_get_volume_info (rpcsvc_request_t *req)
                                             __server_get_volume_info);
 }
 
-rpcsvc_actor_t gluster_handshake_actors[] = {
+rpcsvc_actor_t gluster_handshake_actors[GF_HNDSK_MAXVALUE] = {
         [GF_HNDSK_NULL]         = {"NULL",        GF_HNDSK_NULL,         NULL,                NULL, 0, DRC_NA},
         [GF_HNDSK_GETSPEC]      = {"GETSPEC",     GF_HNDSK_GETSPEC,      server_getspec,      NULL, 0, DRC_NA},
         [GF_HNDSK_EVENT_NOTIFY] = {"EVENTNOTIFY", GF_HNDSK_EVENT_NOTIFY, server_event_notify, NULL, 0, DRC_NA},
@@ -1154,7 +1154,7 @@ struct rpcsvc_program gluster_handshake_prog = {
 };
 
 /* A minimal RPC program just for the cli getspec command */
-rpcsvc_actor_t gluster_cli_getspec_actors[] = {
+rpcsvc_actor_t gluster_cli_getspec_actors[GF_HNDSK_MAXVALUE] = {
         [GF_HNDSK_GETSPEC]      = {"GETSPEC",     GF_HNDSK_GETSPEC,      server_getspec,      NULL, 0, DRC_NA},
 };
 
@@ -1170,6 +1170,7 @@ struct rpcsvc_program gluster_cli_getspec_prog = {
 char *glusterd_dump_proc[GF_DUMP_MAXVALUE] = {
         [GF_DUMP_NULL] = "NULL",
         [GF_DUMP_DUMP] = "DUMP",
+        [GF_DUMP_PING] = "PING",
 };
 
 rpc_clnt_prog_t glusterd_dump_prog = {
@@ -1180,16 +1181,16 @@ rpc_clnt_prog_t glusterd_dump_prog = {
 };
 
 
-rpcsvc_actor_t glusterd_mgmt_hndsk_actors[] = {
+rpcsvc_actor_t glusterd_mgmt_hndsk_actors[GD_MGMT_HNDSK_MAXVALUE] = {
         [GD_MGMT_HNDSK_NULL]            = {"NULL", GD_MGMT_HNDSK_NULL, NULL,
-                                           NULL, 0},
+                                           NULL, 0, DRC_NA},
         [GD_MGMT_HNDSK_VERSIONS]        = {"MGMT-VERS", GD_MGMT_HNDSK_VERSIONS,
                                            glusterd_mgmt_hndsk_versions, NULL,
-                                           0},
+                                           0, DRC_NA},
         [GD_MGMT_HNDSK_VERSIONS_ACK]    = {"MGMT-VERS-ACK",
                                            GD_MGMT_HNDSK_VERSIONS_ACK,
                                            glusterd_mgmt_hndsk_versions_ack,
-                                           NULL, 0},
+                                           NULL, 0, DRC_NA},
 };
 
 struct rpcsvc_program glusterd_mgmt_hndsk_prog = {
-- 
cgit