Bug 1097417 - strcpy usage in libglusterfs/src/common-utils.c
Summary: strcpy usage in libglusterfs/src/common-utils.c
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: GlusterFS
Classification: Community
Component: core
Version: 3.5.0
Hardware: All
OS: All
unspecified
medium
Target Milestone: ---
Assignee: Niels de Vos
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-05-13 18:52 UTC by Keith Schincke
Modified: 2014-11-11 08:32 UTC (History)
3 users (show)

Fixed In Version: glusterfs-3.6.0beta1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-11-11 08:32:30 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Embargoed:

Attachments (Terms of Use)

Description Keith Schincke 2014-05-13 18:52:57 UTC 
Description of problem:
The mkdir_p function performs an unchecked strcat of an input buffer to a static buffer without checking any size. 

Line 83 is "strcpy (dir, path);"

Recommend replacing with "strncpy(dir, path, PATH_MAX ) ;


Version-Release number of selected component (if applicable):
3.5
https://github.com/gluster/glusterfs/blame/630d46d714a233919664c035f2c5c48c028777e8/libglusterfs/src/common-utils.c#L83

How reproducible:
Always.

Steps to Reproduce:
1. make a call to mkdir_p()
2.
3.

Actual results:
strcpy (dir, path);

Expected results:
strncpy(dir, path, PATH_MAX ) ;

Additional info:
Comment 1 Anand Avati 2014-05-14 06:01:32 UTC 
REVIEW: http://review.gluster.org/7759 (libglusterfs: Use strncpy() instead of strcpy()) posted (#1) for review on master by Santosh Pradhan (spradhan)
Comment 2 Anand Avati 2014-05-14 21:54:42 UTC 
COMMIT: http://review.gluster.org/7759 committed in master by Anand Avati (avati) 
------
commit a9df8ccbd331e21bcbccf3abc65abe730d6f0489
Author: Santosh Kumar Pradhan <spradhan>
Date:   Wed May 14 11:28:15 2014 +0530

    libglusterfs: Use strncpy() instead of strcpy()
    
    Use secure strncpy() to copy the input data to static buffer
    and make sure to NULL terminate the copied buffer (if source
    buffer is longer than static buffer).
    
    Change-Id: If3564f1398c8eb92669d4bc92700bbdf6ee2278e
    BUG: 1097417
    Signed-off-by: Santosh Kumar Pradhan <spradhan>
    Reviewed-on: http://review.gluster.org/7759
    Reviewed-by: Humble Devassy Chirammal <humble.devassy>
    Reviewed-by: Anand Avati <avati>
    Tested-by: Anand Avati <avati>
Comment 4 Niels de Vos 2014-09-22 12:40:22 UTC 
A beta release for GlusterFS 3.6.0 has been released. Please verify if the release solves this bug report for you. In case the glusterfs-3.6.0beta1 release does not have a resolution for this issue, leave a comment in this bug and move the status to ASSIGNED. If this release fixes the problem for you, leave a note and change the status to VERIFIED.

Packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update (possibly an "updates-testing" repository) infrastructure for your distribution.

[1] http://supercolony.gluster.org/pipermail/gluster-users/2014-September/018836.html
[2] http://supercolony.gluster.org/pipermail/gluster-users/
Comment 5 Niels de Vos 2014-11-11 08:32:30 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.6.1, please reopen this bug report.

glusterfs-3.6.1 has been announced [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://supercolony.gluster.org/pipermail/gluster-users/2014-November/019410.html
[2] http://supercolony.gluster.org/mailman/listinfo/gluster-users
Note You need to log in before you can comment on or make changes to this bug.