Bug 1099645 - Unchecked strcpy and strcat in gf-history-changelog.c
Summary: Unchecked strcpy and strcat in gf-history-changelog.c
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: GlusterFS
Classification: Community
Component: core
Version: mainline
Hardware: Unspecified
OS: All
unspecified
medium
Target Milestone: ---
Assignee: Niels de Vos
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-05-20 20:02 UTC by Keith Schincke
Modified: 2015-05-14 17:42 UTC (History)
2 users (show)

Fixed In Version: glusterfs-3.7.0
Clone Of:
Environment:
Last Closed: 2015-05-14 17:25:48 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Embargoed:

Attachments (Terms of Use)
Patch to delete macro and replace with function call (880 bytes, patch)
2014-05-20 20:02 UTC, Keith Schincke 		no flags Details | Diff
View All

Description Keith Schincke 2014-05-20 20:02:34 UTC 
Created attachment 897726 [details]
Patch to delete macro and replace with function call

Description of problem:
The used once MAKE_HTIME_FILE_PATH macro uses strcpy and strcat into a fixed buffer without checking the input lengths. 

Recommend replacing with a snprintf

Version-Release number of selected component (if applicable):
3.5

https://github.com/gluster/glusterfs/blame/master/xlators/features/changelog/lib/src/gf-history-changelog.c#L653

How reproducible:
100%

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Niels de Vos 2014-10-27 09:34:46 UTC 
Thanks for the patch, I'll post it for inclusion in mainline. If you are concerned about this and would like the change included in other versions, please clone this bug (see 'clone' in the upper-right-corner of this page).
Comment 2 Anand Avati 2014-10-27 09:35:11 UTC 
REVIEW: http://review.gluster.org/8977 (changelog: replace MAKE_HTIME_FILE_PATH with snprintf()) posted (#1) for review on master by Niels de Vos (ndevos)
Comment 3 Anand Avati 2014-10-28 09:09:41 UTC 
COMMIT: http://review.gluster.org/8977 committed in master by Venky Shankar (vshankar) 
------
commit 4d3c6d93d1c75696987f262cf5a304b3038bc585
Author: Niels de Vos <ndevos>
Date:   Mon Oct 27 10:28:55 2014 +0100

    changelog: replace MAKE_HTIME_FILE_PATH with snprintf()
    
    The used once MAKE_HTIME_FILE_PATH macro uses strcpy and strcat into a
    fixed buffer without checking the input lengths.
    
    Recommend replacing with a snprintf.
    
    Change-Id: Ia0245096774dc84be1b937e1d5750f3634fff034
    BUG: 1099645
    Reported-by: Keith Schincke <kschinck>
    Signed-off-by: Niels de Vos <ndevos>
    Reviewed-on: http://review.gluster.org/8977
    Tested-by: Gluster Build System <jenkins.com>
    Reviewed-by: Venky Shankar <vshankar>
    Tested-by: Venky Shankar <vshankar>
Comment 4 Niels de Vos 2015-05-14 17:25:48 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user
Comment 5 Niels de Vos 2015-05-14 17:35:26 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user
Comment 6 Niels de Vos 2015-05-14 17:37:48 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user
Comment 7 Niels de Vos 2015-05-14 17:42:18 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user
Note You need to log in before you can comment on or make changes to this bug.