author | Harpreet Kaur <hlalwani@redhat.com> | 2018-12-14 13:12:26 +0530 |
---|---|---|
committer | Amar Tumballi <amarts@redhat.com> | 2018-12-26 02:17:16 +0000 |
commit | d64fdf867fef36422ab84f2918f5d925597bc7d4 (patch) | |
tree | ede3904bb3393f87f5cbe381e7208f28194cfacd | |
parent | 8fe3c6107a2b431d7cc0b8cfaeeb7941cf9590f9 (diff) | |
posix: stack-buffer-overflow reported by asan
This patch fixes buffer overflow in
$SRC/xlators/storage/posix/src/posix-inode-fd-ops.c
Memory access at offset 432 overflows "md5_checksum" variable.
SUMMARY: AddressSanitizer: stack-buffer-overflow (/lib64/libasan.so.5+0xb825a)
updates: bz#1633930
Change-Id: I46010a09161d02cdf0c69679a334ec1d3d49cffb
Signed-off-by: Harpreet Kaur <hlalwani@redhat.com>
-rw-r--r-- | xlators/protocol/server/src/server-common.c | 3 | ||||
-rw-r--r-- | xlators/storage/posix/src/posix-inode-fd-ops.c | 4 |
2 files changed, 5 insertions, 2 deletions
diff --git a/xlators/protocol/server/src/server-common.c b/xlators/protocol/server/src/server-common.c
index 0639ac3feb..ce7f264dd8 100644
--- a/xlators/protocol/server/src/server-common.c
+++ b/xlators/protocol/server/src/server-common.c
@@ -656,7 +656,8 @@ server4_post_rchecksum(gfx_rchecksum_rsp *rsp, uint32_t weak_checksum,
 uint8_t *strong_checksum)
 {
 rsp->weak_checksum = weak_checksum;
-
+ /* When the length encoding changes, update the change
+ in posix code also. */
 rsp->strong_checksum.strong_checksum_val = (char *)strong_checksum;
 rsp->strong_checksum.strong_checksum_len = SHA256_DIGEST_LENGTH;
 rsp->flags = 1; /* Indicates SHA256 TYPE */
diff --git a/xlators/storage/posix/src/posix-inode-fd-ops.c b/xlators/storage/posix/src/posix-inode-fd-ops.c
index d232482359..9867d5fac6 100644
--- a/xlators/storage/posix/src/posix-inode-fd-ops.c
+++ b/xlators/storage/posix/src/posix-inode-fd-ops.c
@@ -5571,7 +5571,9 @@ posix_rchecksum(call_frame_t *frame, xlator_t *this, fd_t *fd, off_t offset,
 ssize_t bytes_read = 0;
 int32_t weak_checksum = 0;
 int32_t zerofillcheck = 0;
- unsigned char md5_checksum[MD5_DIGEST_LENGTH] = {0};
+ /* Protocol version 4 uses 32 bytes i.e SHA256_DIGEST_LENGTH,
+ so this is used. */
+ unsigned char md5_checksum[SHA256_DIGEST_LENGTH] = {0};
 unsigned char strong_checksum[SHA256_DIGEST_LENGTH] = {0};
 unsigned char *checksum = NULL;
 struct posix_private *priv = NULL; |
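Review bot: The new comment in server4_post_rchecksum does not name the posix function or state the actual contract, and the assignment below it still sets `strong_checksum_len = SHA256_DIGEST_LENGTH` for whatever buffer the caller handed in. Only a bare `uint8_t *` reaches this function, so nothing here can verify that the buffer really holds that many bytes; the safety of the reply depends entirely on every producer allocating at least that much. I would state that requirement explicitly, e.g. `/* strong_checksum must point to at least SHA256_DIGEST_LENGTH bytes; posix_rchecksum() sizes its digest buffers to match. */`. The function starts above and ends below this hunk, so other uses of the pointer are not visible.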
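Review bot: Widening `md5_checksum` to `SHA256_DIGEST_LENGTH` removes the out-of-bounds access, but the size relationship is enforced only by a comment, and the variable name now contradicts its length. If the MD5 path is still taken further down in posix_rchecksum (not visible in this hunk), the reply would presumably carry a 16-byte digest followed by zero padding while the server labels it SHA256 via `rsp->flags = 1`, which is worth confirming. A compile-time guard beside the declarations would stop the two sides drifting apart again: `_Static_assert(sizeof(md5_checksum) >= SHA256_DIGEST_LENGTH, "rchecksum reply reads SHA256_DIGEST_LENGTH bytes");`.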