Bug 986100 - Extreme numbers of quotas can cause segfault
Status: CLOSED CURRENTRELEASE
Product: GlusterFS
Classification: Community
Component: core
Version: 3.4.0
Assigned To: Kaushal
Blocks: 987126

Reported: 2013-07-18 21:14 EDT by Joe Julian
Modified: 2014-04-17 09:13 EDT
Fixed In Version: glusterfs-3.4.3
Doc Type: Bug Fix
Last Closed: 2014-04-17 09:13:27 EDT
Type: Bug
Description Joe Julian 2013-07-18 21:14:12 EDT
User has 10000 home directories which all need quotas defined. Once he exceeds the maximum volfile size of 131072 bytes, memcpy writes into unallocated space.

This happens in glusterfsd/src/glusterfsd-mgmt.c at mgmt_getspec_cbk line 1629 because the memcpy target is oldvolfile which is static char oldvolfile[131072] (line 1394).

Could this be a security bug since you're overflowing buffers?
Comment 1 T0aD 2013-07-18 21:18:32 EDT
Come on, that's not extreme :)
Comment 2 T0aD 2013-07-19 08:34:19 EDT
Here are the tools used to reproduce the bug: https://gist.github.com/T0aD/6033887
Comment 3 Anand Avati 2013-07-22 09:48:12 EDT
REVIEW: http://review.gluster.org/5373 (glusterfsd: Use dynamic volfile buffer) posted (#1) for review on master by Kaushal M (kaushal@redhat.com)
Comment 4 Anand Avati 2013-07-23 03:27:13 EDT
COMMIT: http://review.gluster.org/5373 committed in master by Vijay Bellur (vbellur@redhat.com) 
------
commit fa787929ba37e483ad041e090a82c14e3b7de900
Author: Kaushal M <kaushal@redhat.com>
Date:   Mon Jul 22 19:14:56 2013 +0530

    glusterfsd: Use dynamic volfile buffer
    
    Glusterfsd used a fixed buffer to store volfiles fetched via getspec.
    This caused problems with large volfiles. Changing this to a dynamic
    buffer allows large volfiles to be loaded in memory.
    
    Change-Id: I40236dcb1c37b9a0136dfb5231cafabb3d4f00dc
    BUG: 986100
    Signed-off-by: Kaushal M <kaushal@redhat.com>
    Reviewed-on: http://review.gluster.org/5373
    Reviewed-by: Vijay Bellur <vbellur@redhat.com>
    Tested-by: Gluster Build System <jenkins@build.gluster.com>
Comment 5 Anand Avati 2013-07-30 08:36:07 EDT
REVIEW: http://review.gluster.org/5431 (glusterfsd: Use dynamic volfile buffer) posted (#1) for review on release-3.4 by Kaushal M (kaushal@redhat.com)
Comment 6 Anand Avati 2013-07-31 03:40:25 EDT
COMMIT: http://review.gluster.org/5431 committed in release-3.4 by Vijay Bellur (vbellur@redhat.com) 
------
commit 1127d5143c27532c07c694a4088dbeae48a1504c
Author: Kaushal M <kaushal@redhat.com>
Date:   Mon Jul 22 19:14:56 2013 +0530

    glusterfsd: Use dynamic volfile buffer
    
    Backport of
     fa78792 glusterfsd: Use dynamic volfile buffer
    from the master branch.
    
    Glusterfsd used a fixed buffer to store volfiles fetched via getspec.
    This caused problems with large volfiles. Changing this to a dynamic
    buffer allows large volfiles to be loaded in memory.
    
    BUG: 986100
    Change-Id: I9ec86c09a00bc84fef7a0da05bbeb6b3e07d5146
    Signed-off-by: Kaushal M <kaushal@redhat.com>
    Reviewed-on: http://review.gluster.org/5431
    Tested-by: Gluster Build System <jenkins@build.gluster.com>
    Reviewed-by: Vijay Bellur <vbellur@redhat.com>
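
The overflow in the description and the dynamic-buffer change named in the commit messages, as an added C example; this is not GlusterFS code and not the committed patch. The function names, the global buffers and the sample entry format are assumptions made for illustration; only the 131072-byte size and the 10000-entry count come from the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_MAX 131072             /* static buffer size named in the report */
static char   fixed_buf[FIXED_MAX];  /* hypothetical stand-in for the fixed buffer */
static char  *dyn_buf;               /* heap buffer sized to the incoming data */
static size_t dyn_len;

/* Fixed buffer with the length check whose absence lets memcpy run past the array.
 * Returns 0 on success, -1 when the volfile does not fit. */
int store_fixed_checked(const char *spec, size_t size)
{
    if (size > sizeof(fixed_buf)) return -1;
    memcpy(fixed_buf, spec, size);
    return 0;
}

/* Dynamic buffer: resize to the incoming size; the old copy survives a failure. */
int store_dynamic(const char *spec, size_t size)
{
    char *p = realloc(dyn_buf, size ? size : 1);
    if (p == NULL) return -1;
    memcpy(p, spec, size);
    dyn_buf = p;
    dyn_len = size;
    return 0;
}

/* Constructed sample: n entries shaped like "/home/u00000:10GB," (18 bytes each).
 * This is not real volfile syntax. Caller frees; NULL on allocation failure. */
char *make_sample(unsigned n, size_t *len)
{
    const size_t entry = 18;
    char *buf = malloc((size_t)n * entry + 1);
    if (buf == NULL) return NULL;
    for (unsigned i = 0; i < n; i++)
        snprintf(buf + (size_t)i * entry, entry + 1, "/home/u%05u:10GB,", i % 100000);
    *len = (size_t)n * entry;
    return buf;
}

int main(void)
{
    size_t len = 0;
    char *v = make_sample(10000, &len);   /* 10000 entries, as in the report */
    if (v == NULL) return 1;
    printf("%zu bytes: fixed=%d dynamic=%d\n", len,
           store_fixed_checked(v, len), store_dynamic(v, len));
    free(v);
    return 0;
}
```

With 10000 constructed entries the data is larger than the fixed array, so the checked copy refuses it while the dynamic buffer holds all of it.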
Comment 7 Niels de Vos 2014-04-17 09:13:27 EDT
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.4.3, please reopen this bug report.

glusterfs-3.4.3 has been announced on the Gluster Developers mailing list [1]; packages for several distributions should already be available or will become available in the near future. Keep an eye on the Gluster Users mailing list [2] and the update infrastructure for your distribution.

The fix for this bug is likely to be included in all future GlusterFS releases, i.e. releases > 3.4.3. Along the same lines, the recent release, i.e. glusterfs-3.5.0 [3], is likely to have the fix. You can verify this by reading the comments in this bug report and checking for comments mentioning "committed in release-3.5".

[1] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/5978
[2] http://news.gmane.org/gmane.comp.file-systems.gluster.user
[3] http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/6137
