From 1ea9c9a3d59d8c3ddf1e27e2939c136a4ed3c6e8 Mon Sep 17 00:00:00 2001 From: Susant Palai Date: Thu, 4 Jun 2015 22:37:11 +0530 Subject: glusterd: Buffer overflow causing crash for glusterd Problem: In GLUSTERD_GET_DEFRAG_PROCESS we are using PATH_MAX (4096) as the max size of the input for target path, but we have allocated NAME_MAX (255) size of buffer for the target. Now this crash is not seen with source install, but is seen with RPMS. The reason is _foritfy_fail. This check happens when _FORTIFY_SOURCE flag is enabled. This option tries to figure out possible overflow scenarios like the bug here and does crash the process. Change-Id: I26261be85936d2e94a526fdcaa8d3249f8af11c3 BUG: 1228093 Signed-off-by: Susant Palai Reviewed-on: http://review.gluster.org/11090 Tested-by: Gluster Build System Reviewed-by: N Balachandran Reviewed-by: Raghavendra G --- xlators/mgmt/glusterd/src/glusterd.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'xlators/mgmt/glusterd/src/glusterd.h') diff --git a/xlators/mgmt/glusterd/src/glusterd.h b/xlators/mgmt/glusterd/src/glusterd.h index 7e3c8129a94..cad0b425fbd 100644 --- a/xlators/mgmt/glusterd/src/glusterd.h +++ b/xlators/mgmt/glusterd/src/glusterd.h @@ -597,9 +597,9 @@ typedef ssize_t (*gd_serialize_t) (struct iovec outmsg, void *args); #define GLUSTERD_GET_DEFRAG_PROCESS(path, volinfo) do { \ if (volinfo->rebal.defrag_cmd == GF_DEFRAG_CMD_START_TIER) \ - snprintf (path, PATH_MAX, "tier"); \ + snprintf (path, NAME_MAX, "tier"); \ else \ - snprintf (path, PATH_MAX, "rebalance"); \ + snprintf (path, NAME_MAX, "rebalance"); \ } while (0) #define GLUSTERD_GET_DEFRAG_DIR(path, volinfo, priv) do { \ -- cgit