rpms/glusterfs
5
0
Fork 0
Code Issues Pull Requests Releases Activity
cd32b8a252
glusterfs/0340-protocol-don-t-use-alloca.patch
Milind Changire c459b4cbb4 autobuild v3.12.2-16 
Resolves: bz#1569657 bz#1608352 bz#1609163 bz#1609724 bz#1610825
Resolves: bz#1611151 bz#1612098 bz#1615338 bz#1615440
Signed-off-by: Milind Changire <mchangir@redhat.com>
2018-08-14 13:37:41 -04:00

397 lines
14 KiB
Diff
Raw Blame History

From d15e6e4443e8873dc44c6731ce8876bde625b189 Mon Sep 17 00:00:00 2001
From: Amar Tumballi <amarts@redhat.com>
Date: Thu, 2 Aug 2018 14:27:45 +0530
Subject: [PATCH 340/351] protocol: don't use alloca
current implementation of alloca can cause issues when strings larger
than the allocated buffer is passed to the xdr. Hence it makes sense
to allow XDR decode functions to deal with memory allocations, which
we can free later.
BUG: 1605227
Change-Id: I12d1c5d5498d0a403abd9c4e618bd5b4b60df8ee
Signed-off-by: Amar Tumballi <amarts@redhat.com>
Reviewed-on: https://code.engineering.redhat.com/gerrit/145897
Reviewed-by: FNU Raghavendra Manjunath <raghavendra@redhat.com>
Reviewed-by: Pranith Kumar Karampuri <pkarampu@redhat.com>
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
---
xlators/protocol/server/src/server-rpc-fops.c | 74 ++++++++++-----------------
1 file changed, 27 insertions(+), 47 deletions(-)
diff --git a/xlators/protocol/server/src/server-rpc-fops.c b/xlators/protocol/server/src/server-rpc-fops.c
index 0bf41d8..a7fd3b5 100644
--- a/xlators/protocol/server/src/server-rpc-fops.c
+++ b/xlators/protocol/server/src/server-rpc-fops.c
@@ -3896,8 +3896,6 @@ server3_3_create (rpcsvc_request_t *req)
if (!req)
return ret;
- args.bname = alloca (req->msg[0].iov_len);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_create_req, GF_FOP_CREATE);
if (ret != 0) {
@@ -3931,6 +3929,7 @@ server3_3_create (rpcsvc_request_t *req)
out:
/* memory allocated by libc, don't use GF_FREE */
free (args.xdata.xdata_val);
+ free (args.bname);
if (op_errno)
SERVER_REQ_SET_ERROR (req, ret);
@@ -4453,8 +4452,6 @@ server3_3_unlink (rpcsvc_request_t *req)
if (!req)
return ret;
- args.bname = alloca (req->msg[0].iov_len);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_unlink_req, GF_FOP_UNLINK);
if (ret != 0) {
@@ -4479,6 +4476,7 @@ server3_3_unlink (rpcsvc_request_t *req)
resolve_and_resume (frame, server_unlink_resume);
out:
free (args.xdata.xdata_val);
+ free (args.bname);
if (op_errno)
SERVER_REQ_SET_ERROR (req, ret);
@@ -4500,8 +4498,6 @@ server3_3_setxattr (rpcsvc_request_t *req)
if (!req)
return ret;
- args.dict.dict_val = alloca (req->msg[0].iov_len);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_setxattr_req, GF_FOP_SETXATTR);
if (ret != 0) {
@@ -4537,6 +4533,7 @@ server3_3_setxattr (rpcsvc_request_t *req)
out:
free (args.xdata.xdata_val);
+ free (args.dict.dict_val);
if (op_errno)
SERVER_REQ_SET_ERROR (req, ret);
@@ -4562,8 +4559,6 @@ server3_3_fsetxattr (rpcsvc_request_t *req)
if (!req)
return ret;
- args.dict.dict_val = alloca (req->msg[0].iov_len);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_fsetxattr_req, GF_FOP_FSETXATTR);
if (ret != 0) {
@@ -4597,6 +4592,7 @@ server3_3_fsetxattr (rpcsvc_request_t *req)
out:
free (args.xdata.xdata_val);
+ free (args.dict.dict_val);
if (op_errno)
SERVER_REQ_SET_ERROR (req, ret);
@@ -4622,8 +4618,6 @@ server3_3_fxattrop (rpcsvc_request_t *req)
if (!req)
return ret;
- args.dict.dict_val = alloca (req->msg[0].iov_len);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_fxattrop_req, GF_FOP_FXATTROP);
if (ret != 0) {
@@ -4657,6 +4651,7 @@ server3_3_fxattrop (rpcsvc_request_t *req)
out:
free (args.xdata.xdata_val);
+ free (args.dict.dict_val);
if (op_errno)
SERVER_REQ_SET_ERROR (req, ret);
@@ -4682,8 +4677,6 @@ server3_3_xattrop (rpcsvc_request_t *req)
if (!req)
return ret;
- args.dict.dict_val = alloca (req->msg[0].iov_len);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_xattrop_req, GF_FOP_XATTROP);
if (ret != 0) {
@@ -4716,6 +4709,7 @@ server3_3_xattrop (rpcsvc_request_t *req)
out:
free (args.xdata.xdata_val);
+ free (args.dict.dict_val);
if (op_errno)
SERVER_REQ_SET_ERROR (req, ret);
@@ -4739,8 +4733,6 @@ server3_3_getxattr (rpcsvc_request_t *req)
if (!req)
return ret;
- args.name = alloca (256);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_getxattr_req, GF_FOP_GETXATTR);
if (ret != 0) {
@@ -4766,6 +4758,7 @@ server3_3_getxattr (rpcsvc_request_t *req)
resolve_and_resume (frame, server_getxattr_resume);
out:
free (args.xdata.xdata_val);
+ free (args.name);
if (op_errno)
SERVER_REQ_SET_ERROR (req, ret);
@@ -4786,8 +4779,6 @@ server3_3_fgetxattr (rpcsvc_request_t *req)
if (!req)
return ret;
- args.name = alloca (256);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_fgetxattr_req, GF_FOP_FGETXATTR);
if (ret != 0) {
@@ -4810,6 +4801,7 @@ server3_3_fgetxattr (rpcsvc_request_t *req)
resolve_and_resume (frame, server_fgetxattr_resume);
out:
free (args.xdata.xdata_val);
+ free (args.name);
if (op_errno)
SERVER_REQ_SET_ERROR (req, ret);
@@ -4831,8 +4823,6 @@ server3_3_removexattr (rpcsvc_request_t *req)
if (!req)
return ret;
- args.name = alloca (256);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_removexattr_req,
GF_FOP_REMOVEXATTR);
@@ -4854,6 +4844,7 @@ server3_3_removexattr (rpcsvc_request_t *req)
resolve_and_resume (frame, server_removexattr_resume);
out:
free (args.xdata.xdata_val);
+ free (args.name);
if (op_errno)
SERVER_REQ_SET_ERROR (req, ret);
@@ -4873,8 +4864,6 @@ server3_3_fremovexattr (rpcsvc_request_t *req)
if (!req)
return ret;
- args.name = alloca (4096);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_fremovexattr_req,
GF_FOP_FREMOVEXATTR);
@@ -4897,6 +4886,7 @@ server3_3_fremovexattr (rpcsvc_request_t *req)
resolve_and_resume (frame, server_fremovexattr_resume);
out:
free (args.xdata.xdata_val);
+ free (args.name);
if (op_errno)
SERVER_REQ_SET_ERROR (req, ret);
@@ -5107,8 +5097,6 @@ server3_3_mknod (rpcsvc_request_t *req)
if (!req)
return ret;
- args.bname = alloca (req->msg[0].iov_len);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_mknod_req, GF_FOP_MKNOD);
if (ret != 0) {
@@ -5140,6 +5128,7 @@ out:
/* memory allocated by libc, don't use GF_FREE */
free (args.xdata.xdata_val);
+ free (args.bname);
return ret;
@@ -5158,8 +5147,6 @@ server3_3_mkdir (rpcsvc_request_t *req)
if (!req)
return ret;
- args.bname = alloca (req->msg[0].iov_len);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_mkdir_req, GF_FOP_MKDIR);
if (ret != 0) {
@@ -5189,6 +5176,7 @@ out:
SERVER_REQ_SET_ERROR (req, ret);
free (args.xdata.xdata_val);
+ free (args.bname);
return ret;
}
@@ -5206,8 +5194,6 @@ server3_3_rmdir (rpcsvc_request_t *req)
if (!req)
return ret;
- args.bname = alloca (req->msg[0].iov_len);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_rmdir_req, GF_FOP_RMDIR);
if (ret != 0) {
@@ -5231,6 +5217,7 @@ server3_3_rmdir (rpcsvc_request_t *req)
resolve_and_resume (frame, server_rmdir_resume);
out:
free (args.xdata.xdata_val);
+ free (args.bname);
if (op_errno)
SERVER_REQ_SET_ERROR (req, ret);
@@ -5253,8 +5240,6 @@ server3_3_inodelk (rpcsvc_request_t *req)
if (!req)
return ret;
- args.volume = alloca (256);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_inodelk_req, GF_FOP_INODELK);
if (ret != 0) {
@@ -5304,6 +5289,7 @@ server3_3_inodelk (rpcsvc_request_t *req)
resolve_and_resume (frame, server_inodelk_resume);
out:
free (args.xdata.xdata_val);
+ free (args.volume);
free (args.flock.lk_owner.lk_owner_val);
@@ -5325,8 +5311,6 @@ server3_3_finodelk (rpcsvc_request_t *req)
if (!req)
return ret;
- args.volume = alloca (256);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_finodelk_req,
GF_FOP_FINODELK);
@@ -5378,6 +5362,7 @@ server3_3_finodelk (rpcsvc_request_t *req)
resolve_and_resume (frame, server_finodelk_resume);
out:
free (args.xdata.xdata_val);
+ free (args.volume);
free (args.flock.lk_owner.lk_owner_val);
@@ -5400,9 +5385,6 @@ server3_3_entrylk (rpcsvc_request_t *req)
if (!req)
return ret;
- args.volume = alloca (256);
- args.name = alloca (256);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_entrylk_req,
GF_FOP_ENTRYLK);
@@ -5430,6 +5412,8 @@ server3_3_entrylk (rpcsvc_request_t *req)
resolve_and_resume (frame, server_entrylk_resume);
out:
free (args.xdata.xdata_val);
+ free (args.volume);
+ free (args.name);
if (op_errno)
SERVER_REQ_SET_ERROR (req, ret);
@@ -5449,9 +5433,6 @@ server3_3_fentrylk (rpcsvc_request_t *req)
if (!req)
return ret;
- args.name = alloca (256);
- args.volume = alloca (256);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_fentrylk_req,
GF_FOP_FENTRYLK);
@@ -5479,6 +5460,8 @@ server3_3_fentrylk (rpcsvc_request_t *req)
resolve_and_resume (frame, server_fentrylk_resume);
out:
free (args.xdata.xdata_val);
+ free (args.volume);
+ free (args.name);
if (op_errno)
SERVER_REQ_SET_ERROR (req, ret);
@@ -5539,9 +5522,6 @@ server3_3_symlink (rpcsvc_request_t *req)
if (!req)
return ret;
- args.bname = alloca (req->msg[0].iov_len);
- args.linkname = alloca (4096);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_symlink_req, GF_FOP_SYMLINK);
if (ret != 0) {
@@ -5570,6 +5550,8 @@ out:
/* memory allocated by libc, don't use GF_FREE */
free (args.xdata.xdata_val);
+ free (args.linkname);
+ free (args.bname);
return ret;
}
@@ -5588,8 +5570,6 @@ server3_3_link (rpcsvc_request_t *req)
if (!req)
return ret;
- args.newbname = alloca (req->msg[0].iov_len);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_link_req, GF_FOP_LINK);
if (ret != 0) {
@@ -5614,6 +5594,7 @@ server3_3_link (rpcsvc_request_t *req)
resolve_and_resume (frame, server_link_resume);
out:
free (args.xdata.xdata_val);
+ free (args.newbname);
if (op_errno)
SERVER_REQ_SET_ERROR (req, ret);
@@ -5634,9 +5615,6 @@ server3_3_rename (rpcsvc_request_t *req)
if (!req)
return ret;
- args.oldbname = alloca (req->msg[0].iov_len);
- args.newbname = alloca (req->msg[0].iov_len);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_rename_req, GF_FOP_RENAME);
if (ret != 0) {
@@ -5663,6 +5641,8 @@ server3_3_rename (rpcsvc_request_t *req)
resolve_and_resume (frame, server_rename_resume);
out:
free (args.xdata.xdata_val);
+ free (args.newbname);
+ free (args.oldbname);
if (op_errno)
SERVER_REQ_SET_ERROR (req, ret);
@@ -5865,9 +5845,6 @@ server3_3_lookup (rpcsvc_request_t *req)
GF_VALIDATE_OR_GOTO ("server", req, err);
- args.bname = alloca (req->msg[0].iov_len);
- args.xdata.xdata_val = alloca (req->msg[0].iov_len);
-
ret = rpc_receive_common (req, &frame, &state, NULL, &args,
xdr_gfs3_lookup_req, GF_FOP_LOOKUP);
if (ret != 0) {
@@ -5896,6 +5873,9 @@ server3_3_lookup (rpcsvc_request_t *req)
return ret;
out:
+ free (args.bname);
+ free (args.xdata.xdata_val);
+
server_lookup_cbk (frame, NULL, frame->this, -1, EINVAL, NULL, NULL,
NULL, NULL);
ret = 0;
--
1.8.3.1
Reference in New Issue View Git Blame Copy Permalink