Bug 1272926 - libgfapi: brick process crashes if attr KEY length > 255 for glfs_lgetxattr(...)
Status: CLOSED CURRENTRELEASE
Product: GlusterFS
Classification: Community
Component: libgfapi
Version: 3.7.6
Hardware: Unspecified Unspecified
Priority: unspecified, Severity: unspecified
Assigned To: Milind Changire
Sudhir D
: Triaged
Depends On: 1263056
Blocks: 1272929
Reported: 2015-10-19 04:50 EDT by Milind Changire
Modified: 2016-04-19 03:47 EDT

See Also:
Fixed In Version: glusterfs-3.7.7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1263056
Environment:
Last Closed: 2016-02-15 01:56:14 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Description Milind Changire 2015-10-19 04:50:10 EDT
+++ This bug was initially created as a clone of Bug #1263056 +++

Description of problem:
When testing integration with the bareos backup/restore application, it was noticed that the brick process, glusterfsd, terminates with a core dump. Random attribute key values having length greater than 255 consistently caused glusterfsd to crash while servicing a call to the glfs_lgetxattr() function.

Input validation seems to be missing in libgfapi.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

--- Additional comment from Soumya Koduri on 2015-09-15 08:20:01 EDT ---

Could you provide the core (bt), logs and the steps to reproduce the issue?

--- Additional comment from Milind Changire on 2015-09-15 12:47:57 EDT ---

Actually I faced a stack corruption problem while testing integration with a backup-restore application called bareos.

There has been some root cause analysis by Raghavendra G and Poornima G, and it was concluded that although the VFS doesn't allow operations on xattr keys > 255 in length via the getfattr command and the keys don't reach the server, there isn't any validation in libgfapi, at least for this specific criterion for this specific API.

Poornima G also attempted to get/set xattr via api/examples/glfsxmp.c with a key > 255 length and had a different outcome. Please consult her for more info.

Here's the uncommitted patch of the fix for reference:

diff --git a/api/src/glfs-fops.c b/api/src/glfs-fops.c
index ff85f7b..2d7a23c 100644
--- a/api/src/glfs-fops.c
+++ b/api/src/glfs-fops.c
@@ -2853,6 +2853,12 @@ glfs_getxattr_common (struct glfs *fs, const char *path, const char *name,
                errno = EIO;
                goto out;
        }
+
+        if (strlen(name) > 255) {
+                ret = -1;
+                errno = EINVAL;
+                goto out;
+        }
 retry:
        if (follow)
                ret = glfs_resolve (fs, subvol, path, &loc, &iatt, reval);
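
Review bot: the new `if (strlen(name) > 255)` check before `retry:` guards only the client library, while the process that crashes is the brick (glusterfsd); a client that does not pass through this code path can still send an oversized key, so the same bound should also be enforced where the brick receives the xattr name. Within the hunk, the literal 255 would read better as a named constant (for example XATTR_NAME_MAX from <linux/limits.h>), and since the check is added to glfs_getxattr_common only, the other xattr entry points of the API deserve the same guard. If `name` is not already tested for NULL earlier in the function, `strlen(name)` will dereference it.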

--- Additional comment from Jiffin on 2015-09-22 08:45:13 EDT ---

Can you send out the fix upstream and change the status of the bug accordingly?

--- Additional comment from Milind Changire on 2015-09-22 09:14:06 EDT ---

Gerrit review for upstream master available at:
http://review.gluster.org/#/c/12207/
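
The validation gap described above, as an added example that is not part of the bug report or the GlusterFS code base: one bounded key check shared by every client entry point, so an oversized key is rejected before any request is built. The names `xattr_key_check`, `demo_getxattr`, `demo_setxattr` and the request counter are hypothetical; the 255 limit and `EINVAL` follow the patch above, and rejecting NULL and empty keys is an assumption of this example.

```c
#include <errno.h>
#include <stddef.h>

#define XATTR_KEY_MAX 255   /* key length limit cited in the bug report */

static int brick_requests;  /* constructed stand-in: counts requests "sent" to the brick */

/* Length of s, but never scans more than max bytes. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Returns 0 if the key may be forwarded, -1 with errno = EINVAL otherwise. */
int xattr_key_check(const char *name)
{
    size_t len;

    if (name == NULL) {
        errno = EINVAL;
        return -1;
    }
    /* Scanning XATTR_KEY_MAX + 1 bytes is enough to tell "too long" apart. */
    len = bounded_len(name, XATTR_KEY_MAX + 1);
    if (len == 0 || len > XATTR_KEY_MAX) {
        errno = EINVAL;
        return -1;
    }
    return 0;
}

/* Hypothetical entry points: both validate before touching the "wire". */
int demo_getxattr(const char *name)
{
    if (xattr_key_check(name) < 0)
        return -1;
    brick_requests++;
    return 0;
}

int demo_setxattr(const char *name, const void *value, size_t size)
{
    (void)value;
    (void)size;
    if (xattr_key_check(name) < 0)
        return -1;
    brick_requests++;
    return 0;
}

int demo_brick_requests(void) { return brick_requests; }
```

A client-side check like this only narrows the input; the receiving side still needs its own bound, because it cannot assume every client runs the check.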
Comment 1 Vijay Bellur 2015-10-19 04:51:58 EDT
REVIEW: http://review.gluster.org/12387 (gfapi: xattr key length check to avoid brick crash) posted (#1) for review on release-3.7 by Milind Changire (mchangir@redhat.com)
Comment 2 Vijay Bellur 2015-10-30 01:02:37 EDT
REVIEW: http://review.gluster.org/12387 (gfapi: xattr key length check to avoid brick crash) posted (#2) for review on release-3.7 by Milind Changire (mchangir@redhat.com)
Comment 3 Vijay Bellur 2015-10-30 05:56:49 EDT
REVIEW: http://review.gluster.org/12387 (gfapi: xattr key length check to avoid brick crash) posted (#3) for review on release-3.7 by Milind Changire (mchangir@redhat.com)
Comment 4 Vijay Bellur 2015-10-30 11:28:01 EDT
REVIEW: http://review.gluster.org/12387 (gfapi: xattr key length check to avoid brick crash) posted (#4) for review on release-3.7 by Milind Changire (mchangir@redhat.com)
Comment 5 Vijay Bellur 2015-10-30 13:31:05 EDT
REVIEW: http://review.gluster.org/12387 (gfapi: xattr key length check to avoid brick crash) posted (#5) for review on release-3.7 by Milind Changire (mchangir@redhat.com)
Comment 6 Kaushal 2016-04-19 03:47:08 EDT
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.7, please open a new bug report.

glusterfs-3.7.7 has been announced on the Gluster mailing lists [1]; packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailing list [2] and the update infrastructure for your distribution.

[1] https://www.gluster.org/pipermail/gluster-users/2016-February/025292.html
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user
