Description of problem: The mkdir_p function performs an unchecked strcat of an input buffer to a static buffer without checking any size. Line 83 is "strcpy (dir, path);" Recommend replacing with "strncpy(dir, path, PATH_MAX ) ; Version-Release number of selected component (if applicable): 3.5 https://github.com/gluster/glusterfs/blame/630d46d714a233919664c035f2c5c48c028777e8/libglusterfs/src/common-utils.c#L83 How reproducible: Always. Steps to Reproduce: 1. make a call to mkdir_p() 2. 3. Actual results: strcpy (dir, path); Expected results: strncpy(dir, path, PATH_MAX ) ; Additional info:
REVIEW: http://review.gluster.org/7759 (libglusterfs: Use strncpy() instead of strcpy()) posted (#1) for review on master by Santosh Pradhan (spradhan)
COMMIT: http://review.gluster.org/7759 committed in master by Anand Avati (avati) ------ commit a9df8ccbd331e21bcbccf3abc65abe730d6f0489 Author: Santosh Kumar Pradhan <spradhan> Date: Wed May 14 11:28:15 2014 +0530 libglusterfs: Use strncpy() instead of strcpy() Use secure strncpy() to copy the input data to static buffer and make sure to NULL terminate the copied buffer (if source buffer is longer than static buffer). Change-Id: If3564f1398c8eb92669d4bc92700bbdf6ee2278e BUG: 1097417 Signed-off-by: Santosh Kumar Pradhan <spradhan> Reviewed-on: http://review.gluster.org/7759 Reviewed-by: Humble Devassy Chirammal <humble.devassy> Reviewed-by: Anand Avati <avati> Tested-by: Anand Avati <avati>
A beta release for GlusterFS 3.6.0 has been released. Please verify if the release solves this bug report for you. In case the glusterfs-3.6.0beta1 release does not have a resolution for this issue, leave a comment in this bug and move the status to ASSIGNED. If this release fixes the problem for you, leave a note and change the status to VERIFIED. Packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update (possibly an "updates-testing" repository) infrastructure for your distribution. [1] http://supercolony.gluster.org/pipermail/gluster-users/2014-September/018836.html [2] http://supercolony.gluster.org/pipermail/gluster-users/
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.6.1, please reopen this bug report. glusterfs-3.6.1 has been announced [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution. [1] http://supercolony.gluster.org/pipermail/gluster-users/2014-November/019410.html [2] http://supercolony.gluster.org/mailman/listinfo/gluster-users