+++ This bug was initially created as a clone of Bug #1099922 +++ Description of problem: A gf_history_changelog_next_change() calls gf_readline() to fill a buffer without checking buffer size. The size of maxlen is not verified to be less than the lenght of buffer. This could result in the over filling of buffer of maxlen is greater than PATH_MAX size = gf_readline (tracker_fd, buffer, maxlen); Version-Release number of selected component (if applicable): 3.5 https://github.com/gluster/glusterfs/blame/master/xlators/features/changelog/lib/src/gf-history-changelog.c#L173 How reproducible: 100% Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Check the size of maxlen to be less than PATH_MAX and return a fail code as needed. See attached patch. Additional info:
REVIEW: http://review.gluster.org/9275 (changelog: Unchecked buffer fill in gf_history_changelog_next_change) posted (#1) for review on master by Niels de Vos (ndevos)
REVIEW: http://review.gluster.org/9275 (changelog: Unchecked buffer fill in gf_history_changelog_next_change) posted (#2) for review on master by Niels de Vos (ndevos)
COMMIT: http://review.gluster.org/9275 committed in master by Venky Shankar (vshankar) ------ commit 80ebd3a25ae7dcfcaebec58d7a80b919e2eed5ee Author: Niels de Vos <ndevos> Date: Sun Dec 14 21:33:17 2014 +0100 changelog: Unchecked buffer fill in gf_history_changelog_next_change A gf_history_changelog_next_change() calls gf_readline() to fill a buffer without checking buffer size. The size of maxlen is not verified to be less than the lenght of buffer. This could result in the over filling of buffer of maxlen is greater than PATH_MAX. Check the size of maxlen to be less than PATH_MAX and return a fail code as needed. BUG: 1174017 Change-Id: Ic53b1a6e25af69a339bc15fb2d233dc1e457910f Reported-by: Keith Schincke <kschinck> Signed-off-by: Niels de Vos <ndevos> Reviewed-on: http://review.gluster.org/9275 Tested-by: Gluster Build System <jenkins.com> Reviewed-by: Venky Shankar <vshankar> Tested-by: Venky Shankar <vshankar>
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.0, please open a new bug report. glusterfs-3.7.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution. [1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/10939 [2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user