Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1097417

Summary: strcpy usage in libglusterfs/src/common-utils.c
Product: [Community] GlusterFS Reporter: Keith Schincke <kschinck>
Component: coreAssignee: Niels de Vos <ndevos>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.5.0CC: bugs, gluster-bugs, vagarwal
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: glusterfs-3.6.0beta1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-11-11 08:32:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Keith Schincke 2014-05-13 18:52:57 UTC 
Description of problem:
The mkdir_p function performs an unchecked strcat of an input buffer to a static buffer without checking any size. 

Line 83 is "strcpy (dir, path);"

Recommend replacing with "strncpy(dir, path, PATH_MAX ) ;


Version-Release number of selected component (if applicable):
3.5
https://github.com/gluster/glusterfs/blame/630d46d714a233919664c035f2c5c48c028777e8/libglusterfs/src/common-utils.c#L83

How reproducible:
Always.

Steps to Reproduce:
1. make a call to mkdir_p()
2.
3.

Actual results:
strcpy (dir, path);

Expected results:
strncpy(dir, path, PATH_MAX ) ;

Additional info:
Comment 1 Anand Avati 2014-05-14 06:01:32 UTC 
REVIEW: http://review.gluster.org/7759 (libglusterfs: Use strncpy() instead of strcpy()) posted (#1) for review on master by Santosh Pradhan (spradhan)
Comment 2 Anand Avati 2014-05-14 21:54:42 UTC 
COMMIT: http://review.gluster.org/7759 committed in master by Anand Avati (avati) 
------
commit a9df8ccbd331e21bcbccf3abc65abe730d6f0489
Author: Santosh Kumar Pradhan <spradhan>
Date:   Wed May 14 11:28:15 2014 +0530

    libglusterfs: Use strncpy() instead of strcpy()
    
    Use secure strncpy() to copy the input data to static buffer
    and make sure to NULL terminate the copied buffer (if source
    buffer is longer than static buffer).
    
    Change-Id: If3564f1398c8eb92669d4bc92700bbdf6ee2278e
    BUG: 1097417
    Signed-off-by: Santosh Kumar Pradhan <spradhan>
    Reviewed-on: http://review.gluster.org/7759
    Reviewed-by: Humble Devassy Chirammal <humble.devassy>
    Reviewed-by: Anand Avati <avati>
    Tested-by: Anand Avati <avati>
Comment 4 Niels de Vos 2014-09-22 12:40:22 UTC 
A beta release for GlusterFS 3.6.0 has been released. Please verify if the release solves this bug report for you. In case the glusterfs-3.6.0beta1 release does not have a resolution for this issue, leave a comment in this bug and move the status to ASSIGNED. If this release fixes the problem for you, leave a note and change the status to VERIFIED.

Packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update (possibly an "updates-testing" repository) infrastructure for your distribution.

[1] http://supercolony.gluster.org/pipermail/gluster-users/2014-September/018836.html
[2] http://supercolony.gluster.org/pipermail/gluster-users/
Comment 5 Niels de Vos 2014-11-11 08:32:30 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.6.1, please reopen this bug report.

glusterfs-3.6.1 has been announced [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://supercolony.gluster.org/pipermail/gluster-users/2014-November/019410.html
[2] http://supercolony.gluster.org/mailman/listinfo/gluster-users