[Bugs] [Bug 1685944] New: WORM-XLator: Maybe integer overflow when computing new atime

bugzilla at redhat.com bugzilla at redhat.com
Wed Mar 6 11:20:38 UTC 2019


            Bug ID: 1685944
           Summary: WORM-XLator: Maybe integer overflow when computing new
           Product: GlusterFS
           Version: mainline
            Status: NEW
         Component: core
          Assignee: bugs at gluster.org
          Reporter: david.spisla at iternity.com
                CC: bugs at gluster.org
  Target Milestone: ---
    Classification: Community

Description of problem:
May integer overflow in WORM Xlator possibly.

The structs:

typedef struct {
    uint8_t worm : 1;
    uint8_t retain : 1;
    uint8_t legal_hold : 1;
    uint8_t ret_mode : 1;
    int64_t ret_period;
    int64_t auto_commit_period;
} worm_reten_state_t;

typedef struct {
    gf_boolean_t readonly_or_worm_enabled;
    gf_boolean_t worm_file;
    gf_boolean_t worm_files_deletable;
    int64_t reten_period;
    int64_t com_period;
    int reten_mode;
    time_t start_time;
} read_only_priv_t;

from read-only.h are using uint64_t values to store periods of retention and
autocommmit. This seems to be dangerous since in worm-helper.c the function
worm_set_state computes in line 97:

stbuf->ia_atime = time(NULL) + retention_state->ret_period;

stbuf->ia_atime is using int64_t because auf the settings of struct iattr. So
if there is a very very high retention period stored , there is maybe an
integer overflow. 

What can be the solution? Using int64_t instead if uint64_t may reduce the
probability of the occurance.

Version-Release number of selected component (if applicable):

Gluster v5.4

You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

More information about the Bugs mailing list