Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1272926

Summary: libgfapi: brick process crashes if attr KEY length > 255 for glfs_lgetxattr(...)
Product: [Community] GlusterFS Reporter: Milind Changire <mchangir>
Component: libgfapiAssignee: Milind Changire <mchangir>
Status: CLOSED CURRENTRELEASE QA Contact: Sudhir D <sdharane>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.7.6CC: bugs, jthottan, mchangir, ndevos, rgowdapp, sdharane
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: glusterfs-3.7.7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1263056 Environment:
Last Closed: 2016-02-15 06:56:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1263056    
Bug Blocks: 1272929    

Description Milind Changire 2015-10-19 08:50:10 UTC 
+++ This bug was initially created as a clone of Bug #1263056 +++

Description of problem:
When testing integration with bareos backup/restore application, it was noticed that the brick process, glusterfsd terminates with a core dump. Random attribute key values having length greater than 255 consistent caused glusterfsd to crash while servicing a call to glfs_lgetxattr() function.

Input validation seems to be missing in libgfapi.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

--- Additional comment from Soumya Koduri on 2015-09-15 08:20:01 EDT ---

Could you provide core(bt), logs and the steps to reproduce the issue.

--- Additional comment from Milind Changire on 2015-09-15 12:47:57 EDT ---

Actually I faced a stack corruption problem while testing integration with a backup-restore application called bareos.

There has been some root cause analysis by Raghavendra G and Poornima G and it was concluded that although the VFS doesn't allow operations on xattr keys > 255 in length via getfattr command and the keys don't reach the server, there isn't any validation in the libgfapi at least for this specific criteria for this specific API.

Poornima G also attempted to get/set xattr via api/examples/glfsxmp.c with a key > 255 length and had a different outcome. Please consult her for more info.

Here's the uncommitted patch of the fix for reference:

diff --git a/api/src/glfs-fops.c b/api/src/glfs-fops.c
index ff85f7b..2d7a23c 100644
--- a/api/src/glfs-fops.c
+++ b/api/src/glfs-fops.c
@@ -2853,6 +2853,12 @@ glfs_getxattr_common (struct glfs *fs, const char *path, const char *name,
                errno = EIO;
                goto out;
        }
+
+        if (strlen(name) > 255) {
+                ret = -1;
+                errno = EINVAL;
+                goto out;
+        }
 retry:
        if (follow)
                ret = glfs_resolve (fs, subvol, path, &loc, &iatt, reval);

--- Additional comment from Jiffin on 2015-09-22 08:45:13 EDT ---

Can u send out fix on upstream and change the status of the bug accordingly.

--- Additional comment from Milind Changire on 2015-09-22 09:14:06 EDT ---

Gerrit review for upstream master available at:
http://review.gluster.org/#/c/12207/
Comment 1 Vijay Bellur 2015-10-19 08:51:58 UTC 
REVIEW: http://review.gluster.org/12387 (gfapi: xattr key length check to avoid brick crash) posted (#1) for review on release-3.7 by Milind Changire (mchangir)
Comment 2 Vijay Bellur 2015-10-30 05:02:37 UTC 
REVIEW: http://review.gluster.org/12387 (gfapi: xattr key length check to avoid brick crash) posted (#2) for review on release-3.7 by Milind Changire (mchangir)
Comment 3 Vijay Bellur 2015-10-30 09:56:49 UTC 
REVIEW: http://review.gluster.org/12387 (gfapi: xattr key length check to avoid brick crash) posted (#3) for review on release-3.7 by Milind Changire (mchangir)
Comment 4 Vijay Bellur 2015-10-30 15:28:01 UTC 
REVIEW: http://review.gluster.org/12387 (gfapi: xattr key length check to avoid brick crash) posted (#4) for review on release-3.7 by Milind Changire (mchangir)
Comment 5 Vijay Bellur 2015-10-30 17:31:05 UTC 
REVIEW: http://review.gluster.org/12387 (gfapi: xattr key length check to avoid brick crash) posted (#5) for review on release-3.7 by Milind Changire (mchangir)
Comment 6 Kaushal 2016-04-19 07:47:08 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.7.7, please open a new bug report.

glusterfs-3.7.7 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] https://www.gluster.org/pipermail/gluster-users/2016-February/025292.html
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user