Bug 1174017

Summary: Unchecked buffer fill by gf_readline in gf_history_changelog_next_change
Product: [Community] GlusterFS Reporter: Niels de Vos <ndevos>
Component: coreAssignee: Niels de Vos <ndevos>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: unspecified    
Version: mainlineCC: bugs, gluster-bugs, kschinck, vshankar
Target Milestone: ---Keywords: EasyFix, Patch, Triaged
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: glusterfs-3.7.0 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1099922 Environment:
Last Closed: 2015-05-14 17:28:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1099922    

Description Niels de Vos 2014-12-14 20:32:24 UTC 
+++ This bug was initially created as a clone of Bug #1099922 +++

Description of problem:
A gf_history_changelog_next_change() calls gf_readline() to fill a buffer without checking buffer size. The size of maxlen is not verified to be less than the lenght of buffer. This could result in the over filling of buffer of maxlen is greater than PATH_MAX

size = gf_readline (tracker_fd, buffer, maxlen);

Version-Release number of selected component (if applicable):
3.5
https://github.com/gluster/glusterfs/blame/master/xlators/features/changelog/lib/src/gf-history-changelog.c#L173


How reproducible:
100%

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:
Check the size of maxlen to be less than PATH_MAX and return a fail code as needed. 

See attached patch. 

Additional info:
Comment 1 Anand Avati 2014-12-14 20:37:01 UTC 
REVIEW: http://review.gluster.org/9275 (changelog:  Unchecked buffer fill in gf_history_changelog_next_change) posted (#1) for review on master by Niels de Vos (ndevos)
Comment 2 Anand Avati 2015-03-02 11:37:22 UTC 
REVIEW: http://review.gluster.org/9275 (changelog:  Unchecked buffer fill in gf_history_changelog_next_change) posted (#2) for review on master by Niels de Vos (ndevos)
Comment 3 Anand Avati 2015-03-04 12:43:48 UTC 
COMMIT: http://review.gluster.org/9275 committed in master by Venky Shankar (vshankar) 
------
commit 80ebd3a25ae7dcfcaebec58d7a80b919e2eed5ee
Author: Niels de Vos <ndevos>
Date:   Sun Dec 14 21:33:17 2014 +0100

    changelog:  Unchecked buffer fill in gf_history_changelog_next_change
    
    A gf_history_changelog_next_change() calls gf_readline() to fill a
    buffer without checking buffer size. The size of maxlen is not verified
    to be less than the lenght of buffer. This could result in the over
    filling of buffer of maxlen is greater than PATH_MAX.
    
    Check the size of maxlen to be less than PATH_MAX and return a fail code
    as needed.
    
    BUG: 1174017
    Change-Id: Ic53b1a6e25af69a339bc15fb2d233dc1e457910f
    Reported-by: Keith Schincke <kschinck>
    Signed-off-by: Niels de Vos <ndevos>
    Reviewed-on: http://review.gluster.org/9275
    Tested-by: Gluster Build System <jenkins.com>
    Reviewed-by: Venky Shankar <vshankar>
    Tested-by: Venky Shankar <vshankar>
Comment 4 Niels de Vos 2015-05-14 17:28:42 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user
Comment 5 Niels de Vos 2015-05-14 17:35:45 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user
Comment 6 Niels de Vos 2015-05-14 17:38:08 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user
Comment 7 Niels de Vos 2015-05-14 17:45:14 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user