glusterfs: fix CVE-2018-10907

Backport a patch to fix the following CVE. CVE: CVE-2018-10907 Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
author: Chen Qi <Qi.Chen@windriver.com> 2018-09-26 10:36:31 +0800
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2018-09-30 21:34:09 -0400
commit: f0f6be2f83744acb9c5e0fd9424310862b52da04 (patch)
tree: 37302a35833be3c59c4febb60a103c55450c3eeb /recipes-extended
parent: 57e11a65b6ad83bde2ae57913ece940bb9b40a4e (diff)
download: meta-cloud-services-f0f6be2f83744acb9c5e0fd9424310862b52da04.tar.gz
2 files changed, 401 insertions, 0 deletions
diff --git a/recipes-extended/glusterfs/files/0007-protocol-don-t-use-alloca.patch b/recipes-extended/glusterfs/files/0007-protocol-don-t-use-alloca.patch
new file mode 100644
index 0000000..bd45437
--- /dev/null
+++ b/recipes-extended/glusterfs/files/0007-protocol-don-t-use-alloca.patch
@@ -0,0 +1,400 @@
+From 7d8d9bd27f245739a6f297e4ecfc87b90c783987 Mon Sep 17 00:00:00 2001
+From: Chen Qi <Qi.Chen@windriver.com>
+Date: Wed, 26 Sep 2018 09:47:28 +0800
+Subject: [PATCH 7/7] protocol: don't use alloca
+current implementation of alloca can cause issues when strings larger
+than the allocated buffer is passed to the xdr. Hence it makes sense
+to allow XDR decode functions to deal with memory allocations, which
+we can free later.
+Fixes: bz#1625097
+Change-Id: I3a05553f5702de9575c244649ca0e5ac9abaac94
+Signed-off-by: Amar Tumballi <amarts@redhat.com>
+Upstream-Status: Backport
+Fix CVE-2018-10907
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ xlators/protocol/server/src/server-rpc-fops.c | 73 +++++++++++----------------
+ 1 file changed, 30 insertions(+), 43 deletions(-)
+diff --git a/xlators/protocol/server/src/server-rpc-fops.c b/xlators/protocol/server/src/server-rpc-fops.c
+index 0ba4ffa..d3a44fc 100644
+--- a/xlators/protocol/server/src/server-rpc-fops.c
+++ b/xlators/protocol/server/src/server-rpc-fops.c
+@@ -3983,8 +3983,6 @@ server3_3_create (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.bname = alloca (req->msg[0].iov_len);
+-
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_create_req);
+         if (ret < 0) {
+@@ -4034,6 +4032,7 @@ server3_3_create (rpcsvc_request_t *req)
+ out:
+         /* memory allocated by libc, don't use GF_FREE */
+         free (args.xdata.xdata_val);
+        free (args.bname);
+ 
+         if (op_errno)
+                 SERVER_REQ_SET_ERROR (req, ret);
+@@ -4693,8 +4692,6 @@ server3_3_unlink (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.bname = alloca (req->msg[0].iov_len);
+-
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_unlink_req);
+         if (ret < 0) {
+@@ -4734,6 +4731,7 @@ server3_3_unlink (rpcsvc_request_t *req)
+         resolve_and_resume (frame, server_unlink_resume);
+ out:
+         free (args.xdata.xdata_val);
+        free (args.bname);
+ 
+         if (op_errno)
+                 SERVER_REQ_SET_ERROR (req, ret);
+@@ -4755,8 +4753,6 @@ server3_3_setxattr (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.dict.dict_val = alloca (req->msg[0].iov_len);
+-
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_setxattr_req);
+         if (ret < 0) {
+@@ -4809,6 +4805,7 @@ server3_3_setxattr (rpcsvc_request_t *req)
+ 
+ out:
+         free (args.xdata.xdata_val);
+        free (args.dict.dict_val);
+ 
+         if (op_errno)
+                 SERVER_REQ_SET_ERROR (req, ret);
+@@ -4834,7 +4831,6 @@ server3_3_fsetxattr (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.dict.dict_val = alloca (req->msg[0].iov_len);
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_fsetxattr_req);
+         if (ret < 0) {
+@@ -4885,6 +4881,7 @@ server3_3_fsetxattr (rpcsvc_request_t *req)
+ 
+ out:
+         free (args.xdata.xdata_val);
+        free (args.dict.dict_val);
+ 
+         if (op_errno)
+                 SERVER_REQ_SET_ERROR (req, ret);
+@@ -4910,7 +4907,6 @@ server3_3_fxattrop (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.dict.dict_val = alloca (req->msg[0].iov_len);
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_fxattrop_req);
+         if (ret < 0) {
+@@ -4961,6 +4957,7 @@ server3_3_fxattrop (rpcsvc_request_t *req)
+ 
+ out:
+         free (args.xdata.xdata_val);
+        free (args.dict.dict_val);
+ 
+         if (op_errno)
+                 SERVER_REQ_SET_ERROR (req, ret);
+@@ -4986,8 +4983,6 @@ server3_3_xattrop (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.dict.dict_val = alloca (req->msg[0].iov_len);
+-
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_xattrop_req);
+         if (ret < 0) {
+@@ -5037,6 +5032,7 @@ server3_3_xattrop (rpcsvc_request_t *req)
+ 
+ out:
+         free (args.xdata.xdata_val);
+        free (args.dict.dict_val);
+ 
+         if (op_errno)
+                 SERVER_REQ_SET_ERROR (req, ret);
+@@ -5060,8 +5056,6 @@ server3_3_getxattr (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.name = alloca (256);
+-
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_getxattr_req);
+         if (ret < 0) {
+@@ -5104,6 +5098,7 @@ server3_3_getxattr (rpcsvc_request_t *req)
+         resolve_and_resume (frame, server_getxattr_resume);
+ out:
+         free (args.xdata.xdata_val);
+        free (args.name);
+ 
+         if (op_errno)
+                 SERVER_REQ_SET_ERROR (req, ret);
+@@ -5124,7 +5119,6 @@ server3_3_fgetxattr (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.name = alloca (256);
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_fgetxattr_req);
+         if (ret < 0) {
+@@ -5165,6 +5159,7 @@ server3_3_fgetxattr (rpcsvc_request_t *req)
+         resolve_and_resume (frame, server_fgetxattr_resume);
+ out:
+         free (args.xdata.xdata_val);
+        free (args.name);
+ 
+         if (op_errno)
+                 SERVER_REQ_SET_ERROR (req, ret);
+@@ -5186,8 +5181,6 @@ server3_3_removexattr (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.name = alloca (256);
+-
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_removexattr_req);
+         if (ret < 0) {
+@@ -5225,6 +5218,7 @@ server3_3_removexattr (rpcsvc_request_t *req)
+         resolve_and_resume (frame, server_removexattr_resume);
+ out:
+         free (args.xdata.xdata_val);
+        free (args.name);
+ 
+         if (op_errno)
+                 SERVER_REQ_SET_ERROR (req, ret);
+@@ -5244,8 +5238,6 @@ server3_3_fremovexattr (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.name = alloca (4096);
+-
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_fremovexattr_req);
+         if (ret < 0) {
+@@ -5284,6 +5276,7 @@ server3_3_fremovexattr (rpcsvc_request_t *req)
+         resolve_and_resume (frame, server_fremovexattr_resume);
+ out:
+         free (args.xdata.xdata_val);
+        free (args.name);
+ 
+         if (op_errno)
+                 SERVER_REQ_SET_ERROR (req, ret);
+@@ -5561,8 +5554,6 @@ server3_3_mknod (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.bname = alloca (req->msg[0].iov_len);
+-
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_mknod_req);
+         if (ret < 0) {
+@@ -5609,6 +5600,7 @@ out:
+ 
+         /* memory allocated by libc, don't use GF_FREE */
+         free (args.xdata.xdata_val);
+        free (args.bname);
+ 
+         return ret;
+ 
+@@ -5627,8 +5619,6 @@ server3_3_mkdir (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.bname = alloca (req->msg[0].iov_len);
+-
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_mkdir_req);
+         if (ret < 0) {
+@@ -5674,6 +5664,7 @@ out:
+                 SERVER_REQ_SET_ERROR (req, ret);
+ 
+         free (args.xdata.xdata_val);
+        free (args.bname);
+ 
+         return ret;
+ }
+@@ -5691,8 +5682,6 @@ server3_3_rmdir (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.bname = alloca (req->msg[0].iov_len);
+-
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_rmdir_req);
+         if (ret < 0) {
+@@ -5732,6 +5721,7 @@ server3_3_rmdir (rpcsvc_request_t *req)
+         resolve_and_resume (frame, server_rmdir_resume);
+ out:
+         free (args.xdata.xdata_val);
+        free (args.bname);
+ 
+         if (op_errno)
+                 SERVER_REQ_SET_ERROR (req, ret);
+@@ -5754,8 +5744,6 @@ server3_3_inodelk (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.volume = alloca (256);
+-
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_inodelk_req);
+         if (ret < 0) {
+@@ -5822,6 +5810,7 @@ server3_3_inodelk (rpcsvc_request_t *req)
+         resolve_and_resume (frame, server_inodelk_resume);
+ out:
+         free (args.xdata.xdata_val);
+        free (args.volume);
+ 
+         free (args.flock.lk_owner.lk_owner_val);
+ 
+@@ -5843,7 +5832,6 @@ server3_3_finodelk (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.volume = alloca (256);
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_finodelk_req);
+         if (ret < 0) {
+@@ -5911,6 +5899,7 @@ server3_3_finodelk (rpcsvc_request_t *req)
+         resolve_and_resume (frame, server_finodelk_resume);
+ out:
+         free (args.xdata.xdata_val);
+        free (args.volume);
+ 
+         free (args.flock.lk_owner.lk_owner_val);
+ 
+@@ -5933,9 +5922,6 @@ server3_3_entrylk (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.volume = alloca (256);
+-        args.name   = alloca (256);
+-
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_entrylk_req);
+         if (ret < 0) {
+@@ -5979,6 +5965,8 @@ server3_3_entrylk (rpcsvc_request_t *req)
+         resolve_and_resume (frame, server_entrylk_resume);
+ out:
+         free (args.xdata.xdata_val);
+        free (args.volume);
+        free (args.name);
+ 
+         if (op_errno)
+                 SERVER_REQ_SET_ERROR (req, ret);
+@@ -5998,9 +5986,6 @@ server3_3_fentrylk (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.name   = alloca (256);
+-        args.volume = alloca (256);
+-
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_fentrylk_req);
+         if (ret < 0) {
+@@ -6044,6 +6029,8 @@ server3_3_fentrylk (rpcsvc_request_t *req)
+         resolve_and_resume (frame, server_fentrylk_resume);
+ out:
+         free (args.xdata.xdata_val);
+        free (args.volume);
+        free (args.name);
+ 
+         if (op_errno)
+                 SERVER_REQ_SET_ERROR (req, ret);
+@@ -6121,9 +6108,6 @@ server3_3_symlink (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.bname    = alloca (req->msg[0].iov_len);
+-        args.linkname = alloca (4096);
+-
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_symlink_req);
+         if (ret < 0) {
+@@ -6168,6 +6152,8 @@ out:
+ 
+         /* memory allocated by libc, don't use GF_FREE */
+         free (args.xdata.xdata_val);
+        free (args.linkname);
+        free (args.bname);
+ 
+         return ret;
+ }
+@@ -6186,8 +6172,6 @@ server3_3_link (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.newbname = alloca (req->msg[0].iov_len);
+-
+         ret = xdr_to_generic (req->msg[0], &args, (xdrproc_t)xdr_gfs3_link_req);
+         if (ret < 0) {
+                 //failed to decode msg;
+@@ -6227,6 +6211,7 @@ server3_3_link (rpcsvc_request_t *req)
+         resolve_and_resume (frame, server_link_resume);
+ out:
+         free (args.xdata.xdata_val);
+        free (args.newbname);
+ 
+         if (op_errno)
+                 SERVER_REQ_SET_ERROR (req, ret);
+@@ -6247,9 +6232,6 @@ server3_3_rename (rpcsvc_request_t *req)
+         if (!req)
+                 return ret;
+ 
+-        args.oldbname = alloca (req->msg[0].iov_len);
+-        args.newbname = alloca (req->msg[0].iov_len);
+-
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_rename_req);
+         if (ret < 0) {
+@@ -6291,6 +6273,8 @@ server3_3_rename (rpcsvc_request_t *req)
+         resolve_and_resume (frame, server_rename_resume);
+ out:
+         free (args.xdata.xdata_val);
+        free (args.newbname);
+        free (args.oldbname);
+ 
+         if (op_errno)
+                 SERVER_REQ_SET_ERROR (req, ret);
+@@ -6537,9 +6521,6 @@ server3_3_lookup (rpcsvc_request_t *req)
+ 
+         GF_VALIDATE_OR_GOTO ("server", req, err);
+ 
+-        args.bname           = alloca (req->msg[0].iov_len);
+-        args.xdata.xdata_val = alloca (req->msg[0].iov_len);
+-
+         ret = xdr_to_generic (req->msg[0], &args,
+                               (xdrproc_t)xdr_gfs3_lookup_req);
+         if (ret < 0) {
+@@ -6585,8 +6566,14 @@ server3_3_lookup (rpcsvc_request_t *req)
+         ret = 0;
+         resolve_and_resume (frame, server_lookup_resume);
+ 
+        free (args.bname);
+        free (args.xdata.xdata_val);
+
+         return ret;
+ out:
+        free (args.bname);
+        free (args.xdata.xdata_val);
+
+         server_lookup_cbk (frame, NULL, frame->this, -1, EINVAL, NULL, NULL,
+                            NULL, NULL);
+        ret = 0;
+-- 
+2.7.4
diff --git a/recipes-extended/glusterfs/glusterfs.inc b/recipes-extended/glusterfs/glusterfs.inc
index 525b905..8243f28 100644
--- a/recipes-extended/glusterfs/glusterfs.inc
+++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -29,6 +29,7 @@ SRC_URI += "file://glusterd.init \
            file://0004-io-stats-dump-io-stats-info-in-var-run-gluster.patch \
            file://0005-cluster-afr-Fix-dict-leak-in-pre-op.patch \
            file://0006-posix-remove-not-supported-get-set-content.patch \
+            file://0007-protocol-don-t-use-alloca.patch \
           "
 LICENSE = "(LGPLv3+ | GPLv2) & GPLv3+ & LGPLv3+ & GPLv2+ & LGPLv2+ & LGPLv2.1+ & Apache-2.0"
author	Chen Qi <Qi.Chen@windriver.com>	2018-09-26 10:36:31 +0800
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2018-09-30 21:34:09 -0400
commit	f0f6be2f83744acb9c5e0fd9424310862b52da04 (patch)
tree	37302a35833be3c59c4febb60a103c55450c3eeb /recipes-extended
parent	57e11a65b6ad83bde2ae57913ece940bb9b40a4e (diff)
download	meta-cloud-services-f0f6be2f83744acb9c5e0fd9424310862b52da04.tar.gz

diff --git a/recipes-extended/glusterfs/files/0007-protocol-don-t-use-alloca.patch b/recipes-extended/glusterfs/files/0007-protocol-don-t-use-alloca.patch new file mode 100644 index 0000000..bd45437 --- /dev/null +++ b/recipes-extended/glusterfs/files/0007-protocol-don-t-use-alloca.patch
@@ -0,0 +1,400 @@
		1	From 7d8d9bd27f245739a6f297e4ecfc87b90c783987 Mon Sep 17 00:00:00 2001
		2	From: Chen Qi <Qi.Chen@windriver.com>
		3	Date: Wed, 26 Sep 2018 09:47:28 +0800
		4	Subject: [PATCH 7/7] protocol: don't use alloca
		5
		6	current implementation of alloca can cause issues when strings larger
		7	than the allocated buffer is passed to the xdr. Hence it makes sense
		8	to allow XDR decode functions to deal with memory allocations, which
		9	we can free later.
		10
		11	Fixes: bz#1625097
		12
		13	Change-Id: I3a05553f5702de9575c244649ca0e5ac9abaac94
		14	Signed-off-by: Amar Tumballi <amarts@redhat.com>
		15
		16	Upstream-Status: Backport
		17
		18	Fix CVE-2018-10907
		19
		20	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
		21	---
		22	xlators/protocol/server/src/server-rpc-fops.c \| 73 +++++++++++----------------
		23	1 file changed, 30 insertions(+), 43 deletions(-)
		24
		25	diff --git a/xlators/protocol/server/src/server-rpc-fops.c b/xlators/protocol/server/src/server-rpc-fops.c
		26	index 0ba4ffa..d3a44fc 100644
		27	--- a/xlators/protocol/server/src/server-rpc-fops.c
		28	+++ b/xlators/protocol/server/src/server-rpc-fops.c
		29	@@ -3983,8 +3983,6 @@ server3_3_create (rpcsvc_request_t *req)
		30	if (!req)
		31	return ret;
		32
		33	- args.bname = alloca (req->msg[0].iov_len);
		34	-
		35	ret = xdr_to_generic (req->msg[0], &args,
		36	(xdrproc_t)xdr_gfs3_create_req);
		37	if (ret < 0) {
		38	@@ -4034,6 +4032,7 @@ server3_3_create (rpcsvc_request_t *req)
		39	out:
		40	/* memory allocated by libc, don't use GF_FREE */
		41	free (args.xdata.xdata_val);
		42	+ free (args.bname);
		43
		44	if (op_errno)
		45	SERVER_REQ_SET_ERROR (req, ret);
		46	@@ -4693,8 +4692,6 @@ server3_3_unlink (rpcsvc_request_t *req)
		47	if (!req)
		48	return ret;
		49
		50	- args.bname = alloca (req->msg[0].iov_len);
		51	-
		52	ret = xdr_to_generic (req->msg[0], &args,
		53	(xdrproc_t)xdr_gfs3_unlink_req);
		54	if (ret < 0) {
		55	@@ -4734,6 +4731,7 @@ server3_3_unlink (rpcsvc_request_t *req)
		56	resolve_and_resume (frame, server_unlink_resume);
		57	out:
		58	free (args.xdata.xdata_val);
		59	+ free (args.bname);
		60
		61	if (op_errno)
		62	SERVER_REQ_SET_ERROR (req, ret);
		63	@@ -4755,8 +4753,6 @@ server3_3_setxattr (rpcsvc_request_t *req)
		64	if (!req)
		65	return ret;
		66
		67	- args.dict.dict_val = alloca (req->msg[0].iov_len);
		68	-
		69	ret = xdr_to_generic (req->msg[0], &args,
		70	(xdrproc_t)xdr_gfs3_setxattr_req);
		71	if (ret < 0) {
		72	@@ -4809,6 +4805,7 @@ server3_3_setxattr (rpcsvc_request_t *req)
		73
		74	out:
		75	free (args.xdata.xdata_val);
		76	+ free (args.dict.dict_val);
		77
		78	if (op_errno)
		79	SERVER_REQ_SET_ERROR (req, ret);
		80	@@ -4834,7 +4831,6 @@ server3_3_fsetxattr (rpcsvc_request_t *req)
		81	if (!req)
		82	return ret;
		83
		84	- args.dict.dict_val = alloca (req->msg[0].iov_len);
		85	ret = xdr_to_generic (req->msg[0], &args,
		86	(xdrproc_t)xdr_gfs3_fsetxattr_req);
		87	if (ret < 0) {
		88	@@ -4885,6 +4881,7 @@ server3_3_fsetxattr (rpcsvc_request_t *req)
		89
		90	out:
		91	free (args.xdata.xdata_val);
		92	+ free (args.dict.dict_val);
		93
		94	if (op_errno)
		95	SERVER_REQ_SET_ERROR (req, ret);
		96	@@ -4910,7 +4907,6 @@ server3_3_fxattrop (rpcsvc_request_t *req)
		97	if (!req)
		98	return ret;
		99
		100	- args.dict.dict_val = alloca (req->msg[0].iov_len);
		101	ret = xdr_to_generic (req->msg[0], &args,
		102	(xdrproc_t)xdr_gfs3_fxattrop_req);
		103	if (ret < 0) {
		104	@@ -4961,6 +4957,7 @@ server3_3_fxattrop (rpcsvc_request_t *req)
		105
		106	out:
		107	free (args.xdata.xdata_val);
		108	+ free (args.dict.dict_val);
		109
		110	if (op_errno)
		111	SERVER_REQ_SET_ERROR (req, ret);
		112	@@ -4986,8 +4983,6 @@ server3_3_xattrop (rpcsvc_request_t *req)
		113	if (!req)
		114	return ret;
		115
		116	- args.dict.dict_val = alloca (req->msg[0].iov_len);
		117	-
		118	ret = xdr_to_generic (req->msg[0], &args,
		119	(xdrproc_t)xdr_gfs3_xattrop_req);
		120	if (ret < 0) {
		121	@@ -5037,6 +5032,7 @@ server3_3_xattrop (rpcsvc_request_t *req)
		122
		123	out:
		124	free (args.xdata.xdata_val);
		125	+ free (args.dict.dict_val);
		126
		127	if (op_errno)
		128	SERVER_REQ_SET_ERROR (req, ret);
		129	@@ -5060,8 +5056,6 @@ server3_3_getxattr (rpcsvc_request_t *req)
		130	if (!req)
		131	return ret;
		132
		133	- args.name = alloca (256);
		134	-
		135	ret = xdr_to_generic (req->msg[0], &args,
		136	(xdrproc_t)xdr_gfs3_getxattr_req);
		137	if (ret < 0) {
		138	@@ -5104,6 +5098,7 @@ server3_3_getxattr (rpcsvc_request_t *req)
		139	resolve_and_resume (frame, server_getxattr_resume);
		140	out:
		141	free (args.xdata.xdata_val);
		142	+ free (args.name);
		143
		144	if (op_errno)
		145	SERVER_REQ_SET_ERROR (req, ret);
		146	@@ -5124,7 +5119,6 @@ server3_3_fgetxattr (rpcsvc_request_t *req)
		147	if (!req)
		148	return ret;
		149
		150	- args.name = alloca (256);
		151	ret = xdr_to_generic (req->msg[0], &args,
		152	(xdrproc_t)xdr_gfs3_fgetxattr_req);
		153	if (ret < 0) {
		154	@@ -5165,6 +5159,7 @@ server3_3_fgetxattr (rpcsvc_request_t *req)
		155	resolve_and_resume (frame, server_fgetxattr_resume);
		156	out:
		157	free (args.xdata.xdata_val);
		158	+ free (args.name);
		159
		160	if (op_errno)
		161	SERVER_REQ_SET_ERROR (req, ret);
		162	@@ -5186,8 +5181,6 @@ server3_3_removexattr (rpcsvc_request_t *req)
		163	if (!req)
		164	return ret;
		165
		166	- args.name = alloca (256);
		167	-
		168	ret = xdr_to_generic (req->msg[0], &args,
		169	(xdrproc_t)xdr_gfs3_removexattr_req);
		170	if (ret < 0) {
		171	@@ -5225,6 +5218,7 @@ server3_3_removexattr (rpcsvc_request_t *req)
		172	resolve_and_resume (frame, server_removexattr_resume);
		173	out:
		174	free (args.xdata.xdata_val);
		175	+ free (args.name);
		176
		177	if (op_errno)
		178	SERVER_REQ_SET_ERROR (req, ret);
		179	@@ -5244,8 +5238,6 @@ server3_3_fremovexattr (rpcsvc_request_t *req)
		180	if (!req)
		181	return ret;
		182
		183	- args.name = alloca (4096);
		184	-
		185	ret = xdr_to_generic (req->msg[0], &args,
		186	(xdrproc_t)xdr_gfs3_fremovexattr_req);
		187	if (ret < 0) {
		188	@@ -5284,6 +5276,7 @@ server3_3_fremovexattr (rpcsvc_request_t *req)
		189	resolve_and_resume (frame, server_fremovexattr_resume);
		190	out:
		191	free (args.xdata.xdata_val);
		192	+ free (args.name);
		193
		194	if (op_errno)
		195	SERVER_REQ_SET_ERROR (req, ret);
		196	@@ -5561,8 +5554,6 @@ server3_3_mknod (rpcsvc_request_t *req)
		197	if (!req)
		198	return ret;
		199
		200	- args.bname = alloca (req->msg[0].iov_len);
		201	-
		202	ret = xdr_to_generic (req->msg[0], &args,
		203	(xdrproc_t)xdr_gfs3_mknod_req);
		204	if (ret < 0) {
		205	@@ -5609,6 +5600,7 @@ out:
		206
		207	/* memory allocated by libc, don't use GF_FREE */
		208	free (args.xdata.xdata_val);
		209	+ free (args.bname);
		210
		211	return ret;
		212
		213	@@ -5627,8 +5619,6 @@ server3_3_mkdir (rpcsvc_request_t *req)
		214	if (!req)
		215	return ret;
		216
		217	- args.bname = alloca (req->msg[0].iov_len);
		218	-
		219	ret = xdr_to_generic (req->msg[0], &args,
		220	(xdrproc_t)xdr_gfs3_mkdir_req);
		221	if (ret < 0) {
		222	@@ -5674,6 +5664,7 @@ out:
		223	SERVER_REQ_SET_ERROR (req, ret);
		224
		225	free (args.xdata.xdata_val);
		226	+ free (args.bname);
		227
		228	return ret;
		229	}
		230	@@ -5691,8 +5682,6 @@ server3_3_rmdir (rpcsvc_request_t *req)
		231	if (!req)
		232	return ret;
		233
		234	- args.bname = alloca (req->msg[0].iov_len);
		235	-
		236	ret = xdr_to_generic (req->msg[0], &args,
		237	(xdrproc_t)xdr_gfs3_rmdir_req);
		238	if (ret < 0) {
		239	@@ -5732,6 +5721,7 @@ server3_3_rmdir (rpcsvc_request_t *req)
		240	resolve_and_resume (frame, server_rmdir_resume);
		241	out:
		242	free (args.xdata.xdata_val);
		243	+ free (args.bname);
		244
		245	if (op_errno)
		246	SERVER_REQ_SET_ERROR (req, ret);
		247	@@ -5754,8 +5744,6 @@ server3_3_inodelk (rpcsvc_request_t *req)
		248	if (!req)
		249	return ret;
		250
		251	- args.volume = alloca (256);
		252	-
		253	ret = xdr_to_generic (req->msg[0], &args,
		254	(xdrproc_t)xdr_gfs3_inodelk_req);
		255	if (ret < 0) {
		256	@@ -5822,6 +5810,7 @@ server3_3_inodelk (rpcsvc_request_t *req)
		257	resolve_and_resume (frame, server_inodelk_resume);
		258	out:
		259	free (args.xdata.xdata_val);
		260	+ free (args.volume);
		261
		262	free (args.flock.lk_owner.lk_owner_val);
		263
		264	@@ -5843,7 +5832,6 @@ server3_3_finodelk (rpcsvc_request_t *req)
		265	if (!req)
		266	return ret;
		267
		268	- args.volume = alloca (256);
		269	ret = xdr_to_generic (req->msg[0], &args,
		270	(xdrproc_t)xdr_gfs3_finodelk_req);
		271	if (ret < 0) {
		272	@@ -5911,6 +5899,7 @@ server3_3_finodelk (rpcsvc_request_t *req)
		273	resolve_and_resume (frame, server_finodelk_resume);
		274	out:
		275	free (args.xdata.xdata_val);
		276	+ free (args.volume);
		277
		278	free (args.flock.lk_owner.lk_owner_val);
		279
		280	@@ -5933,9 +5922,6 @@ server3_3_entrylk (rpcsvc_request_t *req)
		281	if (!req)
		282	return ret;
		283
		284	- args.volume = alloca (256);
		285	- args.name = alloca (256);
		286	-
		287	ret = xdr_to_generic (req->msg[0], &args,
		288	(xdrproc_t)xdr_gfs3_entrylk_req);
		289	if (ret < 0) {
		290	@@ -5979,6 +5965,8 @@ server3_3_entrylk (rpcsvc_request_t *req)
		291	resolve_and_resume (frame, server_entrylk_resume);
		292	out:
		293	free (args.xdata.xdata_val);
		294	+ free (args.volume);
		295	+ free (args.name);
		296
		297	if (op_errno)
		298	SERVER_REQ_SET_ERROR (req, ret);
		299	@@ -5998,9 +5986,6 @@ server3_3_fentrylk (rpcsvc_request_t *req)
		300	if (!req)
		301	return ret;
		302
		303	- args.name = alloca (256);
		304	- args.volume = alloca (256);
		305	-
		306	ret = xdr_to_generic (req->msg[0], &args,
		307	(xdrproc_t)xdr_gfs3_fentrylk_req);
		308	if (ret < 0) {
		309	@@ -6044,6 +6029,8 @@ server3_3_fentrylk (rpcsvc_request_t *req)
		310	resolve_and_resume (frame, server_fentrylk_resume);
		311	out:
		312	free (args.xdata.xdata_val);
		313	+ free (args.volume);
		314	+ free (args.name);
		315
		316	if (op_errno)
		317	SERVER_REQ_SET_ERROR (req, ret);
		318	@@ -6121,9 +6108,6 @@ server3_3_symlink (rpcsvc_request_t *req)
		319	if (!req)
		320	return ret;
		321
		322	- args.bname = alloca (req->msg[0].iov_len);
		323	- args.linkname = alloca (4096);
		324	-
		325	ret = xdr_to_generic (req->msg[0], &args,
		326	(xdrproc_t)xdr_gfs3_symlink_req);
		327	if (ret < 0) {
		328	@@ -6168,6 +6152,8 @@ out:
		329
		330	/* memory allocated by libc, don't use GF_FREE */
		331	free (args.xdata.xdata_val);
		332	+ free (args.linkname);
		333	+ free (args.bname);
		334
		335	return ret;
		336	}
		337	@@ -6186,8 +6172,6 @@ server3_3_link (rpcsvc_request_t *req)
		338	if (!req)
		339	return ret;
		340
		341	- args.newbname = alloca (req->msg[0].iov_len);
		342	-
		343	ret = xdr_to_generic (req->msg[0], &args, (xdrproc_t)xdr_gfs3_link_req);
		344	if (ret < 0) {
		345	//failed to decode msg;
		346	@@ -6227,6 +6211,7 @@ server3_3_link (rpcsvc_request_t *req)
		347	resolve_and_resume (frame, server_link_resume);
		348	out:
		349	free (args.xdata.xdata_val);
		350	+ free (args.newbname);
		351
		352	if (op_errno)
		353	SERVER_REQ_SET_ERROR (req, ret);
		354	@@ -6247,9 +6232,6 @@ server3_3_rename (rpcsvc_request_t *req)
		355	if (!req)
		356	return ret;
		357
		358	- args.oldbname = alloca (req->msg[0].iov_len);
		359	- args.newbname = alloca (req->msg[0].iov_len);
		360	-
		361	ret = xdr_to_generic (req->msg[0], &args,
		362	(xdrproc_t)xdr_gfs3_rename_req);
		363	if (ret < 0) {
		364	@@ -6291,6 +6273,8 @@ server3_3_rename (rpcsvc_request_t *req)
		365	resolve_and_resume (frame, server_rename_resume);
		366	out:
		367	free (args.xdata.xdata_val);
		368	+ free (args.newbname);
		369	+ free (args.oldbname);
		370
		371	if (op_errno)
		372	SERVER_REQ_SET_ERROR (req, ret);
		373	@@ -6537,9 +6521,6 @@ server3_3_lookup (rpcsvc_request_t *req)
		374
		375	GF_VALIDATE_OR_GOTO ("server", req, err);
		376
		377	- args.bname = alloca (req->msg[0].iov_len);
		378	- args.xdata.xdata_val = alloca (req->msg[0].iov_len);
		379	-
		380	ret = xdr_to_generic (req->msg[0], &args,
		381	(xdrproc_t)xdr_gfs3_lookup_req);
		382	if (ret < 0) {
		383	@@ -6585,8 +6566,14 @@ server3_3_lookup (rpcsvc_request_t *req)
		384	ret = 0;
		385	resolve_and_resume (frame, server_lookup_resume);
		386
		387	+ free (args.bname);
		388	+ free (args.xdata.xdata_val);
		389	+
		390	return ret;
		391	out:
		392	+ free (args.bname);
		393	+ free (args.xdata.xdata_val);
		394	+
		395	server_lookup_cbk (frame, NULL, frame->this, -1, EINVAL, NULL, NULL,
		396	NULL, NULL);
		397	ret = 0;
		398	--
		399	2.7.4
		400


diff --git a/recipes-extended/glusterfs/glusterfs.inc b/recipes-extended/glusterfs/glusterfs.inc index 525b905..8243f28 100644 --- a/recipes-extended/glusterfs/glusterfs.inc +++ b/recipes-extended/glusterfs/glusterfs.inc
@@ -29,6 +29,7 @@ SRC_URI += "file://glusterd.init \
29	file://0004-io-stats-dump-io-stats-info-in-var-run-gluster.patch \	29	file://0004-io-stats-dump-io-stats-info-in-var-run-gluster.patch \
30	file://0005-cluster-afr-Fix-dict-leak-in-pre-op.patch \	30	file://0005-cluster-afr-Fix-dict-leak-in-pre-op.patch \
31	file://0006-posix-remove-not-supported-get-set-content.patch \	31	file://0006-posix-remove-not-supported-get-set-content.patch \
		32	file://0007-protocol-don-t-use-alloca.patch \
32	"	33	"
33		34
34	LICENSE = "(LGPLv3+ \| GPLv2) & GPLv3+ & LGPLv3+ & GPLv2+ & LGPLv2+ & LGPLv2.1+ & Apache-2.0"	35	LICENSE = "(LGPLv3+ \| GPLv2) & GPLv3+ & LGPLv3+ & GPLv2+ & LGPLv2+ & LGPLv2.1+ & Apache-2.0"