[sheepdog] [PATCH] bs_sheepdog.c: ensure that vdi names and tag names are null-terminated
Hitoshi Mitake
mitake.hitoshi at gmail.com
Mon Dec 9 06:45:11 CET 2013
At Mon, 9 Dec 2013 14:00:41 +0900,
Ryusuke Konishi wrote:
>
> In the current sheepdog driver, tag names and vdi names are truncated
> to 256 bytes if they are longer than the size.
>
> The request data will not be null-terminated if those names are
> truncated to the maximum byte size.
>
> This implementation causes the following two issues with sheepdog:
>
> 1) Since CLI of sheepdog (i.e. dog command) truncates tag names and
> vdi names to 255 bytes to ensure that string buffers are
> null-terminated, vdi lookup function of sheep daemon can fail for
> long vdi names or long tag names due to this difference of buffer
> termination.
>
> 2) The absence of a null byte causes potential buffer overrun issue
> with the sheep daemon even though we are trying to fix this sort
> of dangerous implementation.
>
> This patch ensures that tag names and vdi names set to the request
> buffer are both null terminated and fixes these issues.
>
> Signed-off-by: Ryusuke Konishi <konishi.ryusuke at lab.ntt.co.jp>
> Cc: Hitoshi Mitake <mitake.hitoshi at lab.ntt.co.jp>
> ---
> usr/bs_sheepdog.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Looks good to me, thanks for your fix.
Reviewed-by: Hitoshi Mitake <mitake.hitoshi at lab.ntt.co.jp>
Thanks,
Hitoshi
More information about the sheepdog
mailing list