[sheepdog] [PATCH] sheep: add helper function to make sure that req->data is string
MORITA Kazutaka
morita.kazutaka at lab.ntt.co.jp
Tue Feb 4 05:06:49 CET 2014
There is no guarantee that req->data is a string. Actually, the
current code can cause a buffer overrun when, e.g.,
SD_OP_FORCE_RECOVER is requested.
Signed-off-by: MORITA Kazutaka <morita.kazutaka at lab.ntt.co.jp>
---
include/util.h | 1 +
lib/util.c | 16 ++++++++++++++++
sheep/request.c | 2 +-
3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/include/util.h b/include/util.h
index 9545270..5976ef9 100644
--- a/include/util.h
+++ b/include/util.h
@@ -107,6 +107,7 @@ char *chomp(char *str);
int rmdir_r(const char *dir_path);
int purge_directory(const char *dir_path);
bool is_numeric(const char *p);
+const char *data_to_str(void *data, size_t data_length);
int install_sighandler(int signum, void (*handler)(int), bool once);
int install_crash_handler(void (*handler)(int));
void reraise_crash_signal(int signo, int status);
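Review bot: the new prototype `data_to_str(void *data, size_t data_length)` takes a non-const pointer even though the function body in lib/util.c only reads the buffer and the return type is already `const char *`. Declaring the parameter as `const void *data` would let callers pass read-only buffers without a cast and makes the read-only contract visible in the header. A one-line comment here stating that `data_length` must not exceed the size of the buffer behind `data` would also help, since the header is where callers will look.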
diff --git a/lib/util.c b/lib/util.c
index aa4ffb2..64753db 100644
--- a/lib/util.c
+++ b/lib/util.c
@@ -495,6 +495,22 @@ bool is_numeric(const char *s)
}
/*
+ * We regard 'data' as string when it contains '\0' in the first 256 characters.
+ */
+const char *data_to_str(void *data, size_t data_length)
+{
+ data_length = MIN(data_length, 256);
+
+ if (data == NULL)
+ return "(null)";
+
+ if (memchr(data, '\0', data_length) != NULL)
+ return data;
+
+ return "(not string)";
+}
+
+/*
* If 'once' is true, the signal will be restored to the default state
* after 'handler' is called.
*/
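Review bot: in `data_to_str`, the literal 256 in `MIN(data_length, 256)` is an unnamed limit, and it means a properly NUL-terminated payload longer than 255 bytes is logged as "(not string)". Consider a named constant and a comment that says the cap is a logging limit rather than a property of the data. Note also that `memchr(data, '\0', data_length)` is only safe when `data_length` is no larger than the buffer behind `data`; the function cannot check that, so the comment should state it as a requirement on the caller. With `data_length` equal to 0 and a non-NULL `data` the result is "(not string)", which looks intended but is worth stating.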
diff --git a/sheep/request.c b/sheep/request.c
index d817205..fbaf645 100644
--- a/sheep/request.c
+++ b/sheep/request.c
@@ -771,7 +771,7 @@ static void rx_main(struct work *work)
ci->conn.fd,
ci->conn.ipstr, ci->conn.port,
op_name(get_sd_op(req->rq.opcode)),
- (char *)req->data);
+ data_to_str(req->data, req->rp.data_length));
} else {
sd_debug("%d, %s:%d",
ci->conn.fd,
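Review bot: the length passed on the added line is `req->rp.data_length`, while the opcode two lines above is read from `req->rq`. Since `data_to_str` bounds its `memchr` by this value, please confirm that `rp.data_length` is already set at this point in `rx_main` and describes the size of the `req->data` buffer; if it can be unset or larger than the buffer, the overrun described in the commit message is still reachable. If the request header holds the received length, passing `req->rq.data_length` would make the intent clearer.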
--
1.7.10.4