[sheepdog] [PATCH v2] sheep/store: add epoch file length checking

[Ruoyu]

If epoch file length is shorter than size of time due to file broken,
epoch_stat.st_size - sizeof(*timestamp) is negative. However,
the third parameter of function xread will get it as type size_t,
then xread will think there are many data to be read. Therefore,
a file length checking to prevent this situation is needed.

v2 does nothing changed logically but uses a variable to store
the value of the express 'epoch_stat.st_size - sizeof(*timestamp)'

Signed-off-by: Ruoyu <liangry at ucweb.com>
---
 sheep/store.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/sheep/store.c b/sheep/store.c
index eee88c7..eb42f2c 100644
--- a/sheep/store.c
+++ b/sheep/store.c
@@ -44,7 +44,7 @@ int update_epoch_log(uint32_t epoch, struct sd_node *nodes, size_t nr_nodes)
 static int do_epoch_log_read(uint32_t epoch, struct sd_node *nodes, int len,
 			     time_t *timestamp)
 {
-	int fd, ret, nr_nodes;
+	int fd, ret, nr_nodes, buf_len;
 	char path[PATH_MAX];
 	struct stat epoch_stat;
 
@@ -62,12 +62,13 @@ static int do_epoch_log_read(uint32_t epoch, struct sd_node *nodes, int len,
 		goto err;
 	}
 
-	if (len < epoch_stat.st_size - sizeof(*timestamp)) {
+	buf_len = epoch_stat.st_size - sizeof(*timestamp);
+	if (buf_len < 0 || len < buf_len) {
 		sd_err("invalid epoch %"PRIu32" log", epoch);
 		goto err;
 	}
 
-	ret = xread(fd, nodes, epoch_stat.st_size - sizeof(*timestamp));
+	ret = xread(fd, nodes, buf_len);
 	if (ret < 0) {
 		sd_err("failed to read epoch %"PRIu32" log, %m", epoch);
 		goto err;
-- 
1.8.3.2