Bug 1678726 - Integer Overflow possible in md-cache.c due to data type inconsistency
Summary: Integer Overflow possible in md-cache.c due to data type inconsistency
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: GlusterFS
Classification: Community
Component: md-cache
Version: mainline
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: bugs@gluster.org
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1680020
Reported: 2019-02-19 13:22 UTC by david.spisla
Modified: 2019-03-27 13:44 UTC (History)

Fixed In Version: glusterfs-5.5
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1679169 1679170 1680020 (view as bug list)
Environment:
Last Closed: 2019-02-22 14:48:44 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Gluster.org Gerrit | 22234 | 0 | None | Merged | md-cache: Adapt integer data types to avoid integer overflow | 2019-02-20 12:14:07 UTC
Gluster.org Gerrit | 22240 | 0 | None | Merged | md-cache: Adapt integer data types to avoid integer overflow | 2019-02-22 14:48:43 UTC

Description david.spisla 2019-02-19 13:22:39 UTC
Description of problem:

The 'struct md_cache' in md-cache.c uses int data types which are not in common with the data types used in the 'struct iatt' in iatt.h. If one takes a closer look at the implementations, one can see that the struct in md-cache.c still uses the int data types as in the struct 'old_iatt'. This can lead to unexpected side effects, and some values of iatt may not be mapped correctly. I would suggest to open a bug report. What do you think?

Additional info:

struct md_cache {
    ia_prot_t md_prot;
    uint32_t md_nlink;
    uint32_t md_uid;
    uint32_t md_gid;
    uint32_t md_atime;
    uint32_t md_atime_nsec;
    uint32_t md_mtime;
    uint32_t md_mtime_nsec;
    uint32_t md_ctime;
    uint32_t md_ctime_nsec;
    uint64_t md_rdev;
    uint64_t md_size;
    uint64_t md_blocks;
    uint64_t invalidation_time;
    uint64_t generation;
    dict_t *xattr;
    char *linkname;
    time_t ia_time;
    time_t xa_time;
    gf_boolean_t need_lookup;
    gf_boolean_t valid;
    gf_boolean_t gen_rollover;
    gf_boolean_t invalidation_rollover;
    gf_lock_t lock;
};

struct iatt {
    uint64_t ia_flags;
    uint64_t ia_ino;     /* inode number */
    uint64_t ia_dev;     /* backing device ID */
    uint64_t ia_rdev;    /* device ID (if special file) */
    uint64_t ia_size;    /* file size in bytes */
    uint32_t ia_nlink;   /* Link count */
    uint32_t ia_uid;     /* user ID of owner */
    uint32_t ia_gid;     /* group ID of owner */
    uint32_t ia_blksize; /* blocksize for filesystem I/O */
    uint64_t ia_blocks;  /* number of 512B blocks allocated */
    int64_t ia_atime;    /* last access time */
    int64_t ia_mtime;    /* last modification time */
    int64_t ia_ctime;    /* last status change time */
    int64_t ia_btime;    /* creation time. Fill using statx */
    uint32_t ia_atime_nsec;
    uint32_t ia_mtime_nsec;
    uint32_t ia_ctime_nsec;
    uint32_t ia_btime_nsec;
    uint64_t ia_attributes;      /* chattr related:compressed, immutable,
                                  * append only, encrypted etc.*/
    uint64_t ia_attributes_mask; /* Mask for the attributes */

    uuid_t ia_gfid;
    ia_type_t ia_type; /* type of file */
    ia_prot_t ia_prot; /* protection */
};

struct old_iatt {
    uint64_t ia_ino; /* inode number */
    uuid_t ia_gfid;
    uint64_t ia_dev;     /* backing device ID */
    ia_type_t ia_type;   /* type of file */
    ia_prot_t ia_prot;   /* protection */
    uint32_t ia_nlink;   /* Link count */
    uint32_t ia_uid;     /* user ID of owner */
    uint32_t ia_gid;     /* group ID of owner */
    uint64_t ia_rdev;    /* device ID (if special file) */
    uint64_t ia_size;    /* file size in bytes */
    uint32_t ia_blksize; /* blocksize for filesystem I/O */
    uint64_t ia_blocks;  /* number of 512B blocks allocated */
    uint32_t ia_atime;   /* last access time */
    uint32_t ia_atime_nsec;
    uint32_t ia_mtime; /* last modification time */
    uint32_t ia_mtime_nsec;
    uint32_t ia_ctime; /* last status change time */
    uint32_t ia_ctime_nsec;
};



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
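
Added example (not part of the original report and not GlusterFS source): a reduced C program showing what the width mismatch between the 64-bit signed times in 'struct iatt' and the 32-bit unsigned times in 'struct md_cache' does to a value copied into the cache field and back. The names iatt_mini, md_cache_narrow, md_cache_wide and the roundtrip_* helpers are hypothetical, and the widened int64_t field is an assumption about the fix, since the merged patch is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical one-field stand-ins for the structs quoted in the report. */
struct iatt_mini       { int64_t  ia_mtime; }; /* width used by struct iatt      */
struct md_cache_narrow { uint32_t md_mtime; }; /* width quoted for md_cache      */
struct md_cache_wide   { int64_t  md_mtime; }; /* assumed fix: same type as iatt */

/* Copy a time into the 32-bit cache field, then back into an iatt. */
static int64_t roundtrip_narrow(int64_t ia_mtime)
{
    struct iatt_mini in = { ia_mtime }, out;
    struct md_cache_narrow mdc;

    mdc.md_mtime = (uint32_t)in.ia_mtime; /* reduced modulo 2^32, sign lost */
    out.ia_mtime = mdc.md_mtime;          /* zero-extended, never negative  */
    return out.ia_mtime;
}

/* Same copy with the cache field widened to match the iatt field. */
static int64_t roundtrip_wide(int64_t ia_mtime)
{
    struct iatt_mini in = { ia_mtime }, out;
    struct md_cache_wide mdc;

    mdc.md_mtime = in.ia_mtime;
    out.ia_mtime = mdc.md_mtime;
    return out.ia_mtime;
}

/* 1 if the value survives the 32-bit unsigned field unchanged, else 0. */
static int survives_narrow(int64_t t)
{
    return t >= 0 && t <= (int64_t)UINT32_MAX;
}

int main(void)
{
    /* Constructed samples: a 2019 timestamp, one second before the epoch,
     * and 2^32 + 5 (past the 32-bit unsigned range). */
    const int64_t samples[] = { 1550582559, -1, INT64_C(4294967301) };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("in=%lld narrow=%lld wide=%lld survives=%d\n",
               (long long)samples[i],
               (long long)roundtrip_narrow(samples[i]),
               (long long)roundtrip_wide(samples[i]),
               survives_narrow(samples[i]));
    return 0;
}
```

The conversion is well defined in C and produces no compiler diagnostic by default, so the mismatch shows up only as wrong cached times; building with -Wconversion flags the narrowing assignment.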

Comment 1 Worker Ant 2019-02-19 14:06:34 UTC
REVIEW: https://review.gluster.org/22234 (md-cache: Adapt integer data types to avoid integer overflow) posted (#1) for review on master by David Spisla

Comment 2 Worker Ant 2019-02-20 12:14:08 UTC
REVIEW: https://review.gluster.org/22234 (md-cache: Adapt integer data types to avoid integer overflow) merged (#3) on master by David Spisla

Comment 3 Worker Ant 2019-02-20 14:01:16 UTC
REVIEW: https://review.gluster.org/22240 (md-cache: Adapt integer data types to avoid integer overflow) posted (#1) for review on release-5 by David Spisla

Comment 4 Worker Ant 2019-02-20 14:02:40 UTC
REVIEW: https://review.gluster.org/22241 (md-cache: Adapt integer data types to avoid integer overflow) posted (#1) for review on release-6 by David Spisla

Comment 5 Worker Ant 2019-02-22 14:47:39 UTC
REVISION POSTED: https://review.gluster.org/22241 (md-cache: Adapt integer data types to avoid integer overflow) posted (#2) for review on release-6 by Shyamsundar Ranganathan

Comment 6 Worker Ant 2019-02-22 14:48:44 UTC
REVIEW: https://review.gluster.org/22240 (md-cache: Adapt integer data types to avoid integer overflow) merged (#1) on release-5 by David Spisla

Comment 7 Shyamsundar 2019-03-27 13:44:07 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-5.5, please open a new bug report.

glusterfs-5.5 has been announced on the Gluster mailing lists [1]; packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailing list [2] and the update infrastructure for your distribution.

[1] https://lists.gluster.org/pipermail/announce/2019-March/000119.html
[2] https://www.gluster.org/pipermail/gluster-users/

