Bug 1174017 - Unchecked buffer fill by gf_readline in gf_history_changelog_next_change
Summary: Unchecked buffer fill by gf_readline in gf_history_changelog_next_change
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: GlusterFS
Classification: Community
Component: core
Version: mainline
Hardware: All
OS: All
unspecified
medium
Target Milestone: ---
Assignee: Niels de Vos
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1099922
 
Reported: 2014-12-14 20:32 UTC by Niels de Vos
Modified: 2015-05-14 17:45 UTC

Fixed In Version: glusterfs-3.7.0
Doc Type: Bug Fix
Doc Text:
Clone Of: 1099922
Environment:
Last Closed: 2015-05-14 17:28:42 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Embargoed:



Description Niels de Vos 2014-12-14 20:32:24 UTC
+++ This bug was initially created as a clone of Bug #1099922 +++

Description of problem:
gf_history_changelog_next_change() calls gf_readline() to fill a buffer without checking the buffer size. The size of maxlen is not verified to be less than the length of buffer. This could result in the overfilling of buffer if maxlen is greater than PATH_MAX.

size = gf_readline (tracker_fd, buffer, maxlen);

Version-Release number of selected component (if applicable):
3.5
https://github.com/gluster/glusterfs/blame/master/xlators/features/changelog/lib/src/gf-history-changelog.c#L173


How reproducible:
100%

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:
Check the size of maxlen to be less than PATH_MAX and return a fail code as needed. 

See attached patch. 

Additional info:

Comment 1 Anand Avati 2014-12-14 20:37:01 UTC
REVIEW: http://review.gluster.org/9275 (changelog:  Unchecked buffer fill in gf_history_changelog_next_change) posted (#1) for review on master by Niels de Vos (ndevos)

Comment 2 Anand Avati 2015-03-02 11:37:22 UTC
REVIEW: http://review.gluster.org/9275 (changelog:  Unchecked buffer fill in gf_history_changelog_next_change) posted (#2) for review on master by Niels de Vos (ndevos)

Comment 3 Anand Avati 2015-03-04 12:43:48 UTC
COMMIT: http://review.gluster.org/9275 committed in master by Venky Shankar (vshankar) 
------
commit 80ebd3a25ae7dcfcaebec58d7a80b919e2eed5ee
Author: Niels de Vos <ndevos>
Date:   Sun Dec 14 21:33:17 2014 +0100

    changelog:  Unchecked buffer fill in gf_history_changelog_next_change
    
    gf_history_changelog_next_change() calls gf_readline() to fill a
    buffer without checking buffer size. The size of maxlen is not verified
    to be less than the length of buffer. This could result in the
    overfilling of buffer if maxlen is greater than PATH_MAX.
    
    Check the size of maxlen to be less than PATH_MAX and return a fail code
    as needed.
    
    BUG: 1174017
    Change-Id: Ic53b1a6e25af69a339bc15fb2d233dc1e457910f
    Reported-by: Keith Schincke <kschinck>
    Signed-off-by: Niels de Vos <ndevos>
    Reviewed-on: http://review.gluster.org/9275
    Tested-by: Gluster Build System <jenkins.com>
    Reviewed-by: Venky Shankar <vshankar>
    Tested-by: Venky Shankar <vshankar>

Comment 4 Niels de Vos 2015-05-14 17:28:42 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailing lists [1]; packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailing list [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user

Comment 5 Niels de Vos 2015-05-14 17:35:45 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailing lists [1]; packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailing list [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user

Comment 6 Niels de Vos 2015-05-14 17:38:08 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailing lists [1]; packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailing list [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user

Comment 7 Niels de Vos 2015-05-14 17:45:14 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report.

glusterfs-3.7.0 has been announced on the Gluster mailing lists [1]; packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailing list [2] and the update infrastructure for your distribution.

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user

