On Tue, Feb 04, 2014 at 01:06:49PM +0900, MORITA Kazutaka wrote: > There is no guarantee that req->data is a string. Actually, the > current code can cause a buffer overrun when, e.g., > SD_OP_FORCE_RECOVER is requested. > > Signed-off-by: MORITA Kazutaka <morita.kazutaka at lab.ntt.co.jp> > --- > include/util.h | 1 + > lib/util.c | 16 ++++++++++++++++ > sheep/request.c | 2 +- > 3 files changed, 18 insertions(+), 1 deletion(-) > > diff --git a/include/util.h b/include/util.h > index 9545270..5976ef9 100644 > --- a/include/util.h > +++ b/include/util.h > @@ -107,6 +107,7 @@ char *chomp(char *str); > int rmdir_r(const char *dir_path); > int purge_directory(const char *dir_path); > bool is_numeric(const char *p); > +const char *data_to_str(void *data, size_t data_length); > int install_sighandler(int signum, void (*handler)(int), bool once); > int install_crash_handler(void (*handler)(int)); > void reraise_crash_signal(int signo, int status); > diff --git a/lib/util.c b/lib/util.c > index aa4ffb2..64753db 100644 > --- a/lib/util.c > +++ b/lib/util.c > @@ -495,6 +495,22 @@ bool is_numeric(const char *s) > } > > /* > + * We regard 'data' as string when it contains '\0' in the first 256 characters. > + */ > +const char *data_to_str(void *data, size_t data_length) > +{ > + data_length = MIN(data_length, 256); > + > + if (data == NULL) > + return "(null)"; > + > + if (memchr(data, '\0', data_length) != NULL) > + return data; > + > + return "(not string)"; > +} > + > +/* > * If 'once' is true, the signal will be restored to the default state > * after 'handler' is called. > */ > diff --git a/sheep/request.c b/sheep/request.c > index d817205..fbaf645 100644 > --- a/sheep/request.c > +++ b/sheep/request.c > @@ -771,7 +771,7 @@ static void rx_main(struct work *work) > ci->conn.fd, > ci->conn.ipstr, ci->conn.port, > op_name(get_sd_op(req->rq.opcode)), > - (char *)req->data); > + data_to_str(req->data, req->rp.data_length)); > } else { > sd_debug("%d, %s:%d", > ci->conn.fd, > -- > 1.7.10.4 > > -- > sheepdog mailing list > sheepdog at lists.wpkg.org > http://lists.wpkg.org/mailman/listinfo/sheepdog Applied thanks Yuan |