[Gluster-devel] GlusterFS in Ubuntu issues (bug 1086460)

Joe Julian joe at julianfamily.org
Mon Apr 28 18:26:47 UTC 2014




-------- Original Message --------
Subject: 	Re: GlusterFS inclusion
Date: 	Mon, 28 Apr 2014 09:10:23 -0700
From: 	Patricia Gaughen <patricia.gaughen at canonical.com>
To: 	Joe Julian <me at joejulian.name>



I've started the discussions internally. Will keep you posted.

On Thu, Apr 24, 2014 at 7:34 PM, Joe Julian <me at joejulian.name> wrote:
> Please help us get current releases of GlusterFS in Ubuntu proper. Contact
> me for introductions or Louis 'semiosis' Zuckerman in #gluster. We are
> both board members and almost always on IRC.



On 04/25/2014 09:14 AM, Joe Julian wrote:
> GlusterFS was rejected during the security analysis with these comments:
>>
>> here's just a list of what I found while reading the code:
>>
>> - cppcheck reports ~20 real coding mistakes, perhaps a few false positives
>> - get_uuid_via_daemon() doesn't check fork() for error return
>> - rdd_valid_config() buffer overflow rdd_config.out_file.path
>> - gf_cli_print_limit_list() doesn't check sprintf(abspath) return value
>> - rb_malloc() and rb_free() ignore their allocator argument
>>   Not a security problem, but might be very surprising
>> - int_to_data() data_from_[u]int{64,32,16,8}() data_from_double()
>>   all re-calculate the length rather than use the return value from
>>   gf_asprintf(). (Not a security problem, just redundant.)
>>
> Should we add cppcheck to Jenkins?
>
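
The fork() and sprintf() items in the list above are both return values that go unchecked. The following is an added example, not GlusterFS code and not part of the thread, showing the checked forms; build_path, run_in_child and child_ok are hypothetical helpers, and the paths are constructed sample values.

```c
/* Added example (not GlusterFS code): checked snprintf() and fork(). */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: join dir and name into out[outsz].
 * Returns 0 on success, -1 on an encoding error or if the result did not fit. */
int build_path(char *out, size_t outsz, const char *dir, const char *name)
{
    int n = snprintf(out, outsz, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outsz) {
        if (outsz > 0)
            out[0] = '\0';   /* never hand back a truncated path */
        return -1;
    }
    return 0;
}

/* Hypothetical helper: run fn() in a child and return its exit status (0-255).
 * Returns -1 if fork() or waitpid() fails, or the child did not exit normally. */
int run_in_child(int (*fn)(void))
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;           /* fork failed: no child exists, nothing to wait for */
    if (pid == 0)
        _exit(fn() & 0xff);  /* child: leave without flushing the parent's stdio */

    int status;
    pid_t r;
    do {
        r = waitpid(pid, &status, 0);
    } while (r < 0 && errno == EINTR);   /* retry if a signal interrupted the wait */
    if (r < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

static int child_ok(void) { return 7; }  /* constructed stand-in for the child's work */

int main(void)
{
    char path[16];
    printf("fits: %d\n", build_path(path, sizeof path, "/tmp", "out.bin"));
    printf("too long: %d\n", build_path(path, sizeof path, "/var/lib/glusterd", "out.bin"));
    printf("child: %d\n", run_in_child(child_ok));
    return 0;
}
```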
