[Bugs] [Bug 1263056] libgfapi: brick process crashes if attr KEY length > 255 for glfs_lgetxattr(...)

bugzilla at redhat.com bugzilla at redhat.com
Tue Sep 15 16:47:57 UTC 2015


https://bugzilla.redhat.com/show_bug.cgi?id=1263056

Milind Changire <mchangir at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|needinfo?(mchangir at redhat.c |
                   |om)                         |



--- Comment #2 from Milind Changire <mchangir at redhat.com> ---
Actually I faced a stack corruption problem while testing integration with a
backup-restore application called bareos.

There has been some root cause analysis by Raghavendra G and Poornima G and it
was concluded that although the VFS doesn't allow operations on xattr keys >
255 in length via the getfattr command and the keys don't reach the server, there
isn't any validation in libgfapi, at least for this specific criterion for
this specific API.

Poornima G also attempted to get/set xattr via api/examples/glfsxmp.c with a
key > 255 length and had a different outcome. Please consult her for more info.

Here's the uncommitted patch of the fix for reference:

diff --git a/api/src/glfs-fops.c b/api/src/glfs-fops.c
index ff85f7b..2d7a23c 100644
--- a/api/src/glfs-fops.c
+++ b/api/src/glfs-fops.c
@@ -2853,6 +2853,12 @@ glfs_getxattr_common (struct glfs *fs, const char *path,
const char *name,
                errno = EIO;
                goto out;
        }
+
+        if (strlen(name) > 255) {
+                ret = -1;
+                errno = EINVAL;
+                goto out;
+        }
 retry:
        if (follow)
                ret = glfs_resolve (fs, subvol, path, &loc, &iatt, reval);
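
Review bot: the strlen(name) > 255 check added just before the retry: label in glfs_getxattr_common guards only this one client-side entry point, while the bug subject reports a brick process crash. Any client that does not pass through this function can still send an oversized key, so the brick needs the same length validation at the point where it receives the key. Within the hunk itself, prefer a named limit over the literal 255 (on Linux, XATTR_NAME_MAX from <linux/limits.h>), and since the visible context does not show name being checked for NULL, confirm that happens earlier before strlen is called on it. The comment above also mentions set with a key longer than 255; this patch covers only the get path, so the corresponding set path needs the same check.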
