dict: Put "goto out" in dict_unserialize to avoid process crash

Problem: In the dictionary serialization function, if the [(buf + vallen) > (orig_buf + size)], then memdup is getting failed. Fix: Put "goto out" whenever this condition is met. Change-Id: I662628a936596dbb47825aad47d7dbab2879eb07 BUG: 947824 Signed-off-by: Venkatesh Somyajulu <vsomyaju@redhat.com> Reviewed-on: http://review.gluster.org/4767 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com>
2013-04-03 16:59:27 +05:30 · 2013-04-03 16:59:27 +05:30 · a5a87f0d07
commit a5a87f0d07
parent 6311943436
1 changed files with 1 additions and 0 deletions
--- a/libglusterfs/src/dict.c
+++ b/libglusterfs/src/dict.c
@ -2576,6 +2576,7 @@ dict_unserialize (char *orig_buf, int32_t size, dict_t **fill)
                                          "available (%lu) < required (%lu)",
                                          (long)(orig_buf + size),
                                          (long)(buf + vallen));
+                        goto out;
                }
                value = get_new_data ();
                value->len  = vallen;