andy/glusterfs
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

protocol/server: NULL pointer dereferencing clang fix

Browse Source 
Problem: Access to field fop_length results in null pointer dereferencing.

Solution: Added condition checks fix the issue.

Change-Id: Id408e3ac62ea9574f0cd9aecce5434add09eb7d0
Updates: bz#1622665
Signed-off-by: Shwetha K Acharya <sacharya@redhat.com>
This commit is contained in:
Shwetha K Acharya 2018-09-14 10:27:56 +05:30 committed by Amar Tumballi
parent f7f281900b
commit f2137d4c84
2 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
xlators/protocol/server/src/server-rpc-fops.c
View File

@ -2292,6 +2292,11 @@ server_compound_cbk(call_frame_t *frame, void *cookie, xlator_t *this,
/* TODO: I assume a single 10MB payload is large, if not, we need to
agree to valid payload */
if (!args_cbk) {
op_ret = -1;
goto out;
}
if ((args_cbk->fop_length <= 0) ||
((args_cbk->fop_length > (10 * 1024 * 1024)))) {
op_ret = -1;
@ -2326,8 +2331,8 @@ out:
server_submit_reply(frame, req, &rsp, NULL, 0, NULL,
(xdrproc_t)xdr_gfs3_compound_rsp);
server_compound_rsp_cleanup(&rsp, args_cbk);
if (args_cbk)
server_compound_rsp_cleanup(&rsp, args_cbk);
GF_FREE(rsp.xdata.xdata_val);
return 0;

9
xlators/protocol/server/src/server-rpc-fops_v2.c
View File

@ -5944,6 +5944,11 @@ server4_compound_cbk(call_frame_t *frame, void *cookie, xlator_t *this,
/* TODO: I assume a single 10MB payload is large, if not, we need to
agree to valid payload */
if (!args_cbk) {
op_ret = -1;
goto out;
}
if ((args_cbk->fop_length <= 0) ||
((args_cbk->fop_length > (10 * 1024 * 1024)))) {
op_ret = -1;
@ -5978,8 +5983,8 @@ out:
server_submit_reply(frame, req, &rsp, NULL, 0, NULL,
(xdrproc_t)xdr_gfx_compound_rsp);
server_compound_rsp_cleanup_v2(&rsp, args_cbk);
if (args_cbk)
server_compound_rsp_cleanup_v2(&rsp, args_cbk);
GF_FREE(rsp.xdata.pairs.pairs_val);
return 0;