New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

common: Fix heap buffer overflow in do_request #14173

Merged
merged 1 commit into from Apr 1, 2017

Conversation

Projects
None yet
2 participants
@badone
Contributor

badone commented Mar 28, 2017

Fixes: http://tracker.ceph.com/issues/19393
Signed-off-by: Brad Hubbard bhubbard@redhat.com

@badone badone requested a review from tchaikov Mar 28, 2017

@@ -169,6 +171,7 @@ std::string AdminSocketClient::do_request(std::string request, std::string *resu
err = oss.str();
goto done;
}
vec[message_size] = '\0';

This comment has been minimized.

@tchaikov

tchaikov Mar 28, 2017

Contributor

instead of using result->assign((const char*)buffer);, probably we should use

result->assign(buffer, message_size);

or probably better, just define the vec as a string, so we can:

string buffer;
...
buffer.reserve(message_size);
res = safe_read_exact(socket_fd, &buffer[0], message_size);
...
swap(*result, buffer);

so we can remove buffer, and have less memcpy() calls.

common: Fix heap buffer overflow in do_request
Fixes: http://tracker.ceph.com/issues/19393
Signed-off-by: Brad Hubbard <bhubbard@redhat.com>
@badone

This comment has been minimized.

Contributor

badone commented Mar 28, 2017

Test this please

@badone

This comment has been minimized.

Contributor

badone commented Mar 29, 2017

@tchaikov how does it look now?

@tchaikov

This comment has been minimized.

@tchaikov tchaikov merged commit c2432a5 into ceph:master Apr 1, 2017

3 checks passed

Signed-off-by all commits in this PR are signed
Details
Unmodifed Submodules submodules for project are unmodified
Details
default Build finished.
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment