From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew Price Date: Fri, 17 Aug 2012 10:57:06 +0100 Subject: [Cluster-devel] cluster: RHEL6 - fsck.gfs2: Fix buffer overflow in get_lockproto_table In-Reply-To: <502DC259.6090305@redhat.com> References: <20120816210130.5EC643527@fedorahosted.org> <502DC259.6090305@redhat.com> Message-ID: <502E1572.2020402@redhat.com> List-Id: To: cluster-devel.redhat.com MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit On 17/08/12 05:02, Fabio M. Di Nitto wrote: > On 08/16/2012 11:01 PM, Andrew Price wrote: >> Gitweb: http://git.fedorahosted.org/git/?p=cluster.git;a=commitdiff;h=f796ee8752712e9e523e1516bb9165b274552753 >> Commit: f796ee8752712e9e523e1516bb9165b274552753 >> Parent: 638deec0ccbf45862eee97294f09ba9d6b3f56d0 >> Author: Andrew Price >> AuthorDate: Sat Jul 7 22:03:24 2012 +0100 >> Committer: Andrew Price >> CommitterDate: Thu Aug 16 21:54:56 2012 +0100 >> >> fsck.gfs2: Fix buffer overflow in get_lockproto_table >> >> Coverity discovered a buffer overflow in this function where an overly >> long cluster name in cluster.conf could cause a crash while repairing >> the superblock. This patch fixes the bug by making sure the lock table >> is composed sensibly, limiting the fsname to 16 chars as documented, and >> only allowing the cluster name (which doesn't seem to have a documented >> max size) to use the remaining space in the locktable name string. > > cluster name is max 16 bytes too (including \0). It's actually verified > by cman at startup so it can't be longer than that. OK, thanks for clearing that up. There are other places in gfs2-utils which we can tighten up now that we know that the cluster name has a solid limit so I'm going to push this patch (which fixes the overflow bug) and we'll address the limit issues separately. BTW, now that cman has disappeared upstream is anything checking the length of the cluster name now? Andy