Bug 1099922

Summary: Unchecked buffer fill by gf_readline in gf_history_changelog_next_change
Product: [Community] GlusterFS
Reporter: Keith Schincke <kschinck>
Component: core
Assignee: bugs <bugs>
Status: CLOSED EOL
Severity: medium
Priority: unspecified
Version: 3.5.0
CC: bugs, vshankar
Keywords: EasyFix, Patch, Triaged
Hardware: All
OS: All
Doc Type: Bug Fix
Clone Of:
: 1174017 (view as bug list) Environment:
Last Closed: 2016-06-17 15:57:32 UTC
Type: Bug
Bug Depends On: 1174017
Attachments: maxlen check addition (Flags: none)

Description Keith Schincke 2014-05-21 14:07:11 UTC
Created attachment 898015
maxlen check addition

Description of problem:
gf_history_changelog_next_change() calls gf_readline() to fill a buffer without checking the buffer size. The size of maxlen is not verified to be less than the length of buffer. This could result in the overfilling of buffer if maxlen is greater than PATH_MAX.

size = gf_readline (tracker_fd, buffer, maxlen);

Version-Release number of selected component (if applicable):
3.5
https://github.com/gluster/glusterfs/blame/master/xlators/features/changelog/lib/src/gf-history-changelog.c#L173


How reproducible:
100%

Expected results:
Check the size of maxlen to be less than PATH_MAX and return a fail code as needed. 

See attached patch. 

Additional info:
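
The check the report asks for, as an added example (not the attached patch and not GlusterFS code). `read_line_fd` is a hypothetical stand-in for `gf_readline`, `next_change_checked` and `make_tracker_fd` are illustrative names, and the local `buffer` of `PATH_MAX` bytes is assumed from the report's wording.

```c
#include <errno.h>
#include <limits.h>
#include <string.h>
#include <unistd.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Hypothetical stand-in for gf_readline(): copies one line from fd into buf,
 * trusting `size` and knowing nothing about how large buf really is. */
static ssize_t read_line_fd(int fd, char *buf, size_t size)
{
    size_t n = 0;
    while (n < size) {
        ssize_t r = read(fd, buf + n, 1);
        if (r <= 0)
            return r < 0 ? -1 : (ssize_t)n;
        if (buf[n++] == '\n')
            break;
    }
    return (ssize_t)n;
}

/* Guarded caller: the local buffer holds PATH_MAX bytes, so a maxlen that is
 * not less than that is refused with a fail code before anything is read. */
ssize_t next_change_checked(int tracker_fd, char *bufptr, size_t maxlen)
{
    char buffer[PATH_MAX] = {0};
    ssize_t size;
    if (bufptr == NULL || maxlen == 0 || maxlen >= sizeof(buffer)) {
        errno = EINVAL;
        return -1;
    }
    size = read_line_fd(tracker_fd, buffer, maxlen);
    if (size > 0)
        memcpy(bufptr, buffer, (size_t)size);
    return size;
}

/* Constructed sample input: a pipe holding one tracker line. */
int make_tracker_fd(const char *line)
{
    int p[2];
    if (pipe(p) != 0 || write(p[1], line, strlen(line)) < 0)
        return -1;
    close(p[1]);
    return p[0];
}
```

Without the `maxlen` guard, a caller passing a value above `PATH_MAX` lets the reader write past the end of `buffer` on the stack.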

Comment 1 Niels de Vos 2014-12-14 20:38:33 UTC
Bug 1174017 has been filed to get the change in the master branch. After its inclusion, a backport can be submitted for release-3.5.

Comment 2 Niels de Vos 2016-06-17 15:57:32 UTC
This bug is getting closed because 3.5 is marked End-Of-Life. There will be no further updates to this version. Please open a new bug against a version that still receives bugfixes if you are still facing this issue in a more current release.