Created attachment 898015 [details] maxlen check addition Description of problem: A gf_history_changelog_next_change() calls gf_readline() to fill a buffer without checking buffer size. The size of maxlen is not verified to be less than the lenght of buffer. This could result in the over filling of buffer of maxlen is greater than PATH_MAX size = gf_readline (tracker_fd, buffer, maxlen); Version-Release number of selected component (if applicable): 3.5 https://github.com/gluster/glusterfs/blame/master/xlators/features/changelog/lib/src/gf-history-changelog.c#L173 How reproducible: 100% Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Check the size of maxlen to be less than PATH_MAX and return a fail code as needed. See attached patch. Additional info:
Bug 1174017 has been filed to get the change in the master branch. After its inclusion, a backpoprt can be submitted for release-3.5.
This bug is getting closed because the 3.5 is marked End-Of-Life. There will be no further updates to this version. Please open a new bug against a version that still receives bugfixes if you are still facing this issue in a more current release.