andy/glusterfs
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

changelog: Unchecked buffer fill in gf_history_changelog_next_change

Browse Source 
A gf_history_changelog_next_change() calls gf_readline() to fill a
buffer without checking buffer size. The size of maxlen is not verified
to be less than the lenght of buffer. This could result in the over
filling of buffer of maxlen is greater than PATH_MAX.

Check the size of maxlen to be less than PATH_MAX and return a fail code
as needed.

BUG: 1174017
Change-Id: Ic53b1a6e25af69a339bc15fb2d233dc1e457910f
Reported-by: Keith Schincke <kschinck@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/9275
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Tested-by: Venky Shankar <vshankar@redhat.com>
This commit is contained in:
Niels de Vos 2014-12-14 21:33:17 +01:00 committed by Venky Shankar
parent f8b1bedd9d
commit 80ebd3a25a
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
xlators/features/changelog/lib/src/gf-changelog.c
View File

@ -336,6 +336,11 @@ gf_changelog_next_change (char *bufptr, size_t maxlen)
gf_changelog_t *gfc = NULL;
char buffer[PATH_MAX] = {0,};
if (maxlen > PATH_MAX) {
errno = ENAMETOOLONG;
goto out;
}
errno = EINVAL;
this = THIS;