An NFS client presenting a large file handle (either fake or generated by a 3.2.x NFS server) results in corruption of the stack, because the new, smaller file handle structure is declared on the stack and we copy the large object into it, overflowing the buffer.
REVIEW: http://review.gluster.org/5730 (nfs: prevent NFS server crash when upgrading from 3.2.x server) posted (#1) for review on master by Anand Avati (avati)
REVIEW: http://review.gluster.org/5730 (nfs: prevent NFS server crash when upgrading from 3.2.x server) posted (#2) for review on master by Anand Avati (avati)
REVIEW: http://review.gluster.org/5730 (nfs: prevent NFS server crash when upgrading from 3.2.x server) posted (#3) for review on master by Anand Avati (avati)
COMMIT: http://review.gluster.org/5730 committed in master by Vijay Bellur (vbellur)
------
commit 3a3441ef7665b5f55a9e2de63ea07173bf0f0db0
Author: Anand Avati <avati>
Date: Mon Aug 26 21:58:26 2013 -0700

nfs: prevent NFS server crash when upgrading from 3.2.x server

After an upgrade the NFS3 filehandle size changed (became smaller), but when doing a live upgrade the client would send the old handle (expect ESTALE and do fresh lookup). But when reading the old handle we were reading it into a structure which was limited to the size of the new handle, while we should have been reading into a buffer which is as big as the NFS3 spec permits the handle size to be. The actor functions declare the structure on the stack. So the overflow is resulting in a stack corruption.

Change-Id: Ie930875ac9db46b43d1cb8ad1e6d89cdaeded7ca
BUG: 1002385
Signed-off-by: Anand Avati <avati>
Reviewed-on: http://review.gluster.org/5730
Reviewed-by: Rajesh Joseph <rjoseph>
Reviewed-by: Niels de Vos <ndevos>
Tested-by: Gluster Build System <jenkins.com>
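The approach the commit message above describes, as an added example that is not the GlusterFS patch: the client-supplied handle is decoded into a buffer sized for the protocol maximum, and only then checked against the size of the new handle. `struct new_fh`, `NEW_FH_SIZE` (34), `decode_fh`, `try_handle` and the status names are hypothetical; `NFS3_FHSIZE` (64) is the maximum from RFC 1813.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NFS3_FHSIZE 64   /* RFC 1813: maximum NFSv3 file handle size */
#define NEW_FH_SIZE 34   /* constructed size for the post-upgrade handle */

enum fh_status { FH_OK = 0, FH_STALE, FH_MALFORMED };

/* Hypothetical post-upgrade handle layout; not the GlusterFS structure. */
struct new_fh { uint8_t bytes[NEW_FH_SIZE]; };

/* Unsafe pattern from the report (kept as a comment): the destination is
 * sized for the new handle, the copy length is taken from the client:
 *     struct new_fh fh; memcpy(&fh, wire_data, wire_len);
 */

/* Decode an XDR variable-length opaque: 4-byte big-endian length, then data. */
enum fh_status decode_fh(const uint8_t *msg, size_t msg_len, struct new_fh *out)
{
    uint8_t staging[NFS3_FHSIZE];   /* sized for the protocol maximum */
    uint32_t len;

    if (msg_len < 4)
        return FH_MALFORMED;
    len = ((uint32_t)msg[0] << 24) | ((uint32_t)msg[1] << 16) |
          ((uint32_t)msg[2] << 8) | (uint32_t)msg[3];
    /* Reject lengths beyond the spec maximum or beyond the received bytes. */
    if (len > NFS3_FHSIZE || len > msg_len - 4)
        return FH_MALFORMED;
    memcpy(staging, msg + 4, len);
    /* A well-formed handle of another size is an old one: report it stale. */
    if (len != sizeof(out->bytes))
        return FH_STALE;
    memcpy(out->bytes, staging, sizeof(out->bytes));
    return FH_OK;
}

/* Constructed input: a zero-filled handle whose length field is fh_len. */
enum fh_status try_handle(uint32_t fh_len)
{
    uint8_t msg[4 + 128] = {0};
    struct new_fh fh;
    size_t body = fh_len < 128 ? fh_len : 128;
    msg[0] = (uint8_t)(fh_len >> 24); msg[1] = (uint8_t)(fh_len >> 16);
    msg[2] = (uint8_t)(fh_len >> 8);  msg[3] = (uint8_t)fh_len;
    return decode_fh(msg, 4 + body, &fh);
}
```

A handle at the 64-byte maximum is reported as stale instead of being copied over the smaller structure, which is the outcome the commit message says the client expects (ESTALE followed by a fresh lookup).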
*** Bug 893778 has been marked as a duplicate of this bug. ***
REVIEW: http://review.gluster.org/5804 (nfs: prevent NFS server crash when upgrading from 3.2.x server) posted (#1) for review on release-3.4 by Vijay Bellur (vbellur)
REVIEW: http://review.gluster.org/5804 (nfs: prevent NFS server crash when upgrading from 3.2.x server) posted (#2) for review on release-3.4 by Vijay Bellur (vbellur)
REVIEW: http://review.gluster.org/5804 (nfs: prevent NFS server crash when upgrading from 3.2.x server) posted (#3) for review on release-3.4 by Vijay Bellur (vbellur)
REVIEW: http://review.gluster.org/5804 (nfs: prevent NFS server crash when upgrading from 3.2.x server) posted (#4) for review on release-3.4 by Vijay Bellur (vbellur)
REVIEW: http://review.gluster.org/5804 (nfs: prevent NFS server crash when upgrading from 3.2.x server) posted (#5) for review on release-3.4 by Vijay Bellur (vbellur)
COMMIT: http://review.gluster.org/5804 committed in release-3.4 by Anand Avati (avati)
------
commit 6e9dbdd6e16cca1e32e7c7e00b2618a837f1c18a
Author: Anand Avati <avati>
Date: Mon Aug 26 21:58:26 2013 -0700

nfs: prevent NFS server crash when upgrading from 3.2.x server

After an upgrade the NFS3 filehandle size changed (became smaller), but when doing a live upgrade the client would send the old handle (expect ESTALE and do fresh lookup). But when reading the old handle we were reading it into a structure which was limited to the size of the new handle, while we should have been reading into a buffer which is as big as the NFS3 spec permits the handle size to be. The actor functions declare the structure on the stack. So the overflow is resulting in a stack corruption.

Change-Id: Ie930875ac9db46b43d1cb8ad1e6d89cdaeded7ca
BUG: 1002385
Signed-off-by: Anand Avati <avati>
Reviewed-on: http://review.gluster.org/5730
Reviewed-by: Rajesh Joseph <rjoseph>
Reviewed-by: Niels de Vos <ndevos>
Tested-by: Gluster Build System <jenkins.com>
Reviewed-on: http://review.gluster.org/5804
Reviewed-by: Kaleb KEITHLEY <kkeithle>
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.5.0, please reopen this bug report.

glusterfs-3.5.0 has been announced on the Gluster Developers mailing list [1]; packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailing list [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/6137
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user