[Bugs] [Bug 1505370] New: Mishandling null check at send_brick_req of glusterfsd/ src/gf_attach.c

bugzilla at redhat.com bugzilla at redhat.com
Mon Oct 23 12:40:57 UTC 2017 

https://bugzilla.redhat.com/show_bug.cgi?id=1505370

            Bug ID: 1505370
           Summary: Mishandling null check at send_brick_req of
                    glusterfsd/src/gf_attach.c
           Product: GlusterFS
           Version: 3.12
         Component: glusterd
          Severity: low
          Assignee: bugs at gluster.org
          Reporter: srakonde at redhat.com
                CC: alexc at sbrella.com, amukherj at redhat.com,
                    bugs at gluster.org, kkeithle at redhat.com,
                    srakonde at redhat.com
        Depends On: 1503394
            Blocks: 1502928, 1504255



+++ This bug was initially created as a clone of Bug #1503394 +++

+++ This bug was initially created as a clone of Bug #1502928 +++

Description of problem:

There are three of `goto out` at `send_brick_req`

        iobuf = iobuf_get2 (rpc->ctx->iobuf_pool, req_size);
        if (!iobuf)
                goto out;

        iobref = iobref_new ();
        if (!iobref)
                goto out;

        frame = create_frame (this, this->ctx->pool);
        if (!frame)
                goto out;

that indicates the three of them (iobuf, iobref, frame) might be null and then
jumps to label `out`.

but there might be null pointer dereference after label out:
out:
        iobref_unref (iobref);
        iobuf_unref (iobuf);
        STACK_DESTROY (frame->root);

the error handling code might not work as expected.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

--- Additional comment from Worker Ant on 2017-10-17 09:10:47 EDT ---

REVIEW: https://review.gluster.org/18538 (glusterd:Dereferencing the null
pointer) posted (#1) for review on master by Sanju Rakonde
(srakonde at redhat.com)

--- Additional comment from Worker Ant on 2017-10-17 09:16:50 EDT ---

REVIEW: https://review.gluster.org/18538 (glusterd:Dereferencing the null
pointer) posted (#2) for review on master by Sanju Rakonde
(srakonde at redhat.com)

--- Additional comment from Worker Ant on 2017-10-17 09:29:43 EDT ---

REVIEW: https://review.gluster.org/18539 (glusterd:Dereferencing the null
pointer) posted (#1) for review on release-3.10 by Sanju Rakonde
(srakonde at redhat.com)

--- Additional comment from Worker Ant on 2017-10-17 22:44:27 EDT ---

REVIEW: https://review.gluster.org/18542 (glusterfsd: Dereferencing the null
pointer) posted (#1) for review on master by Sanju Rakonde
(srakonde at redhat.com)

--- Additional comment from Worker Ant on 2017-10-17 23:48:27 EDT ---

REVIEW: https://review.gluster.org/18542 (glusterfsd: Dereferencing the null
pointer) posted (#2) for review on master by Sanju Rakonde
(srakonde at redhat.com)

--- Additional comment from Worker Ant on 2017-10-19 22:31:51 EDT ---

COMMIT: https://review.gluster.org/18542 committed in master by Atin Mukherjee
(amukherj at redhat.com) 
------
commit 87bd25b64ae34cce95e87e724acfeab4c13d60a4
Author: Sanju Rakonde <srakonde at redhat.com>
Date:   Wed Oct 18 08:06:24 2017 +0530

    glusterfsd: Dereferencing the null pointer

    Problem: When control reaches to out, one of (iobref, iobuf, frame) can
    be null.for iobref, iobuf iobref_unref() and iobuf_unref() functions
    are called respectively, which are using GF_VALIDATE_OR_GOTO(), so
    there won't be null pointer dereference. But for frame without null
    checking STACK_DESTROY(frame->root) is called causing null pointer
    dereference.

    Fix: adding a line for null checking, the function
    STACK_DESTROY(frame->root) is called only when frame is not null.

    Change-Id: I3a6684c11fb7b694b81d6ad4fec3bced5562ad88
    BUG: 1503394
    Signed-off-by: Sanju Rakonde <srakonde at redhat.com>

--- Additional comment from Kaleb KEITHLEY on 2017-10-23 08:02:09 EDT ---



--- Additional comment from Kaleb KEITHLEY on 2017-10-23 08:07:32 EDT ---

Where are the backports to 3.12 and 3.10? Thanks


Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1502928
[Bug 1502928] Mishandling null check at send_brick_req of
glusterfsd/src/gf_attach.c
https://bugzilla.redhat.com/show_bug.cgi?id=1503394
[Bug 1503394] Mishandling null check at send_brick_req of
glusterfsd/src/gf_attach.c
https://bugzilla.redhat.com/show_bug.cgi?id=1504255
[Bug 1504255] glusterfs: Null pointer dereference in send_brick_req
function in glusterfsd/src/gf_attach.c
-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

More information about the Bugs mailing list