[Bugs] [Bug 1174017] New: Unchecked buffer fill by gf_readline in gf_history_changelog_next_change
bugzilla at redhat.com
bugzilla at redhat.com
Sun Dec 14 20:32:24 UTC 2014
https://bugzilla.redhat.com/show_bug.cgi?id=1174017
Bug ID: 1174017
Summary: Unchecked buffer fill by gf_readline in
gf_history_changelog_next_change
Product: GlusterFS
Version: mainline
Component: core
Keywords: EasyFix, Patch, Triaged
Severity: medium
Assignee: ndevos at redhat.com
Reporter: ndevos at redhat.com
CC: bugs at gluster.org, gluster-bugs at redhat.com,
kschinck at redhat.com, vshankar at redhat.com
Blocks: 1099922
+++ This bug was initially created as a clone of Bug #1099922 +++
Description of problem:
A gf_history_changelog_next_change() calls gf_readline() to fill a buffer
without checking buffer size. The size of maxlen is not verified to be less
than the lenght of buffer. This could result in the over filling of buffer of
maxlen is greater than PATH_MAX
size = gf_readline (tracker_fd, buffer, maxlen);
Version-Release number of selected component (if applicable):
3.5
https://github.com/gluster/glusterfs/blame/master/xlators/features/changelog/lib/src/gf-history-changelog.c#L173
How reproducible:
100%
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Check the size of maxlen to be less than PATH_MAX and return a fail code as
needed.
See attached patch.
Additional info:
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1099922
[Bug 1099922] Unchecked buffer fill by gf_readline in
gf_history_changelog_next_change
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=nvt6KAxaAn&a=cc_unsubscribe
More information about the Bugs
mailing list