[Gluster-devel] GlusterFS QA efforts - an initial submission
Geoff Kassel
gkassel at users.sourceforge.net
Wed Feb 27 08:42:40 UTC 2008
Replying to myself yet again with an update of my QA efforts:

I've now patched 13 security issues out of 37 potential issues detected by
FlawFinder - these were in glusterfs and xlator/mount/fuse (formerly
glusterfs-fuse and glusterfsd). Support is added in configure.ac for strlcat
and strlcpy, and a few other GNU-only functions like asprintf and family, as
the QA patches (and glusterfs code base) depend on support for these
functions which may not be available on all POSIX systems. I'm now extending
my QA efforts into libglusterfs.

I've also fixed a libglusterfs/protocol.c max_block_size issue that prevented
proper function on some systems (notably, my Gentoo Hardened systems), making
glusterfs functional on these systems (at least for the QA example specs) for
the first time since TLA patch-636.

The protocol.c issue was producing the following non-fatal (but
function-preventing) server warnings:

2008-02-27 16:38:25 E [protocol.c:330:gf_block_unserialize_transport] server8: frame size (80) > max (-2147415040)
2008-02-27 16:38:30 E [protocol.c:330:gf_block_unserialize_transport] server8: frame size (85) > max (-2147415040)

The code in the pastebins mentioned in my previous posts is now obsolete -
I've now posted on the gluster Savannah patch tracker an archive of the TLA
mkpatch output for my most recent changes. These are relative to TLA
patch-688.

As I've been able to restore glusterfs function on my test system, I'm now
able to test my work. All the patches appear to work correctly on a Gentoo
Hardened/i686 system (Athlon 64 Dual Core with 32-bit libraries only) using a
2.6.23 kernel and FUSE 2.7.2 GLFS8.

I hope others find these patches useful.

Kind regards,

Geoff Kassel.

On Tue, 19 Feb 2008, Geoff Kassel wrote:
> Replying to myself here with some additions and revisions.
>
> Updated changes to glusterfsd/src/glusterfsd.c (comment clarification + TLA
> mkpatch generated now) in http://glusterfs.pastebin.com/f1437e17b
>
> Added QA patch for glusterfs-fuse/src/glusterfs.c in
> http://glusterfs.pastebin.com/f918477b
>
> I can supply an archive of a mkpatch changeset on request.
>
> Cheers,
>
> Geoff Kassel.
>
> On Sun, 17 Feb 2008, Geoff Kassel wrote:
> > Hi all,
> > I'm starting some QA work on the GlusterFS code base - just using the
> > open-source tool FlawFinder (http://www.dwheeler.com/flawfinder) for now.
> > Here's my QA work on the main GlusterFS daemon file, glusterfsd.c - see
> > my diff at http://glusterfs.pastebin.com/f1437e17b which is applied
> > against TLA patch-666.
> >
> > The changes build - unfortunately, I can't test it, as I haven't had a
> > version of GlusterFS work properly for me under my Hardened Gentoo
> > systems since patch-636. (Hence why I'm starting the QA efforts.)
> >
> > Please let me know if my code comments and fixes are inappropriate -
> > especially if I've actually made things worse, security/quality wise.
> >
> > Kind regards,
> >
> > Geoff Kassel.
> >
> >
> > _______________________________________________
> > Gluster-devel mailing list
> > Gluster-devel at nongnu.org
> > http://lists.nongnu.org/mailman/listinfo/gluster-devel
>
> _______________________________________________
> Gluster-devel mailing list
> Gluster-devel at nongnu.org
> http://lists.nongnu.org/mailman/listinfo/gluster-devel
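
Added example (not part of the original post and not GlusterFS code): a frame-size check in C that reproduces the logged comparison using the limit value from the warnings above, next to a version that validates the limit before judging any frame. How max_block_size came to be negative is not stated in the post; HARD_CAP and all function names here are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the limit exactly as printed in the warnings above. */
#define LOGGED_MAX ((int32_t)-2147415040)

/* Hypothetical ceiling for a sane limit (assumption, not a GlusterFS value). */
#define HARD_CAP (INT64_C(1) << 30)

enum frame_status { FRAME_OK, FRAME_TOO_BIG, FRAME_BAD_SIZE, FRAME_BAD_LIMIT };

/* The comparison the log message reports. With a negative max it is true
 * for every non-negative size, so no frame is ever accepted. */
static int rejected_by_signed_compare(int32_t size, int32_t max)
{
    return size > max;
}

/* The same 32 bits read as an unsigned value. */
static uint32_t limit_bits(int32_t max)
{
    return (uint32_t)max;
}

/* Validate the limit itself before using it to judge a frame, so that a
 * bad limit is reported as a bad limit and not as an oversized frame. */
static enum frame_status check_frame(int64_t size, int64_t max)
{
    if (max <= 0 || max > HARD_CAP)
        return FRAME_BAD_LIMIT;
    if (size < 0)
        return FRAME_BAD_SIZE;
    return size > max ? FRAME_TOO_BIG : FRAME_OK;
}

int main(void)
{
    printf("limit bits: 0x%08X\n", (unsigned)limit_bits(LOGGED_MAX));
    printf("signed compare rejects 80-byte frame: %d\n",
           rejected_by_signed_compare(80, LOGGED_MAX));
    printf("validated check, logged limit: %d\n", check_frame(80, LOGGED_MAX));
    printf("validated check, 64 KiB limit: %d\n", check_frame(80, 65536));
    return 0;
}
```

The logged limit corresponds to the bit pattern 0x80010C00, which is above INT32_MAX when read as unsigned; the validated check flags it once as a bad limit instead of rejecting each frame as too large.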