[sheepdog] [PATCH] sheep: add helper function to make sure that req->data is string

Liu Yuan namei.unix at gmail.com
Tue Feb 4 08:15:07 CET 2014


On Tue, Feb 04, 2014 at 01:06:49PM +0900, MORITA Kazutaka wrote:
> There is no guarantee that req->data is a string.  Actually, the
> current code can cause a buffer overrun when, e.g.,
> SD_OP_FORCE_RECOVER is requested.
> 
> Signed-off-by: MORITA Kazutaka <morita.kazutaka at lab.ntt.co.jp>
> ---
>  include/util.h  |    1 +
>  lib/util.c      |   16 ++++++++++++++++
>  sheep/request.c |    2 +-
>  3 files changed, 18 insertions(+), 1 deletion(-)
> 
> diff --git a/include/util.h b/include/util.h
> index 9545270..5976ef9 100644
> --- a/include/util.h
> +++ b/include/util.h
> @@ -107,6 +107,7 @@ char *chomp(char *str);
>  int rmdir_r(const char *dir_path);
>  int purge_directory(const char *dir_path);
>  bool is_numeric(const char *p);
> +const char *data_to_str(void *data, size_t data_length);
>  int install_sighandler(int signum, void (*handler)(int), bool once);
>  int install_crash_handler(void (*handler)(int));
>  void reraise_crash_signal(int signo, int status);
> diff --git a/lib/util.c b/lib/util.c
> index aa4ffb2..64753db 100644
> --- a/lib/util.c
> +++ b/lib/util.c
> @@ -495,6 +495,22 @@ bool is_numeric(const char *s)
>  }
>  
>  /*
> + * We regard 'data' as string when it contains '\0' in the first 256 characters.
> + */
> +const char *data_to_str(void *data, size_t data_length)
> +{
> +	data_length = MIN(data_length, 256);
> +
> +	if (data == NULL)
> +		return "(null)";
> +
> +	if (memchr(data, '\0', data_length) != NULL)
> +		return data;
> +
> +	return "(not string)";
> +}
> +
> +/*
>   * If 'once' is true, the signal will be restored to the default state
>   * after 'handler' is called.
>   */
> diff --git a/sheep/request.c b/sheep/request.c
> index d817205..fbaf645 100644
> --- a/sheep/request.c
> +++ b/sheep/request.c
> @@ -771,7 +771,7 @@ static void rx_main(struct work *work)
>  			ci->conn.fd,
>  			ci->conn.ipstr, ci->conn.port,
>  			op_name(get_sd_op(req->rq.opcode)),
> -			(char *)req->data);
> +			data_to_str(req->data, req->rp.data_length));
>  	} else {
>  		sd_debug("%d, %s:%d",
>  			 ci->conn.fd,
> -- 
> 1.7.10.4
> 
> -- 
> sheepdog mailing list
> sheepdog at lists.wpkg.org
> http://lists.wpkg.org/mailman/listinfo/sheepdog

Applied thanks

Yuan



More information about the sheepdog mailing list