client/server: ensure we don't overrun memory for long option values

author Jens Axboe <axboe@fb.com>

Wed, 16 Dec 2015 04:02:51 +0000 (21:02 -0700)

committer Jens Axboe <axboe@fb.com>

Wed, 16 Dec 2015 04:02:51 +0000 (21:02 -0700)
author Jens Axboe <axboe@fb.com>
Wed, 16 Dec 2015 04:02:51 +0000 (21:02 -0700)
committer Jens Axboe <axboe@fb.com>
Wed, 16 Dec 2015 04:02:51 +0000 (21:02 -0700)
diff --git a/client.c b/client.c

index 932c665c1bbcc5fbfbce810d992323c48b44fd63..637cd3fb5332dac5a552e19459fe344a807bf625 100644 (file)
--- a/client.c
+++ b/client.c
@@ -1003,7 +1003,8 @@ static void handle_job_opt(struct fio_client *client, struct fio_net_cmd *cmd)
                 return;
  
         pdu->global = le16_to_cpu(pdu->global);
                 return;
  
         pdu->global = le16_to_cpu(pdu->global);
-       pdu->groupid = le16_to_cpu(pdu->groupid);
+       pdu->truncated = le16_to_cpu(pdu->truncated);
+       pdu->groupid = le32_to_cpu(pdu->groupid);
  
         p = malloc(sizeof(*p));
         p->name = strdup((char *) pdu->name);
  
         p = malloc(sizeof(*p));
         p->name = strdup((char *) pdu->name);
diff --git a/server.c b/server.c

index 38a6bf8543c71fc3f0d48b743c222d4b03a9fea0..f11e97278b20f52614269087e37393b2e94b3bf1 100644 (file)
--- a/server.c
+++ b/server.c
@@ -1523,19 +1523,32 @@ void fio_server_send_job_options(struct flist_head *opt_list,
  
         flist_for_each(entry, opt_list) {
                 struct print_option *p;
  
         flist_for_each(entry, opt_list) {
                 struct print_option *p;
+               size_t len;
  
                 p = flist_entry(entry, struct print_option, list);
                 memset(&pdu, 0, sizeof(pdu));
  
                 p = flist_entry(entry, struct print_option, list);
                 memset(&pdu, 0, sizeof(pdu));
+
                 if (groupid == -1U) {
                         pdu.global = __cpu_to_le16(1);
                         pdu.groupid = 0;
                 } else {
                         pdu.global = 0;
                 if (groupid == -1U) {
                         pdu.global = __cpu_to_le16(1);
                         pdu.groupid = 0;
                 } else {
                         pdu.global = 0;
-                       pdu.groupid = __cpu_to_le16(groupid);
+                       pdu.groupid = cpu_to_le32(groupid);
+               }
+               len = strlen(p->name);
+               if (len >= sizeof(pdu.name)) {
+                       len = sizeof(pdu.name) - 1;
+                       pdu.truncated = __cpu_to_le16(1);
+               }
+               memcpy(pdu.name, p->name, len);
+               if (p->value) {
+                       len = strlen(p->value);
+                       if (len >= sizeof(pdu.value)) {
+                               len = sizeof(pdu.value) - 1;
+                               pdu.truncated = __cpu_to_le16(1);
+                       }
+                       memcpy(pdu.value, p->value, len);
                 }
                 }
-               memcpy(pdu.name, p->name, strlen(p->name));
-               if (p->value)
-                       memcpy(pdu.value, p->value, strlen(p->value));
                 fio_net_queue_cmd(FIO_NET_CMD_JOB_OPT, &pdu, sizeof(pdu), NULL, SK_F_COPY);
         }
  }
                 fio_net_queue_cmd(FIO_NET_CMD_JOB_OPT, &pdu, sizeof(pdu), NULL, SK_F_COPY);
         }
  }
diff --git a/server.h b/server.h

index fca9a87407247c7f8c5f8874398c090950b7d91b..dc4a4198e5d82ff79bb76d3e51d2fff58523773a 100644 (file)
--- a/server.h
+++ b/server.h
@@ -184,7 +184,8 @@ struct cmd_iolog_pdu {
  
  struct cmd_job_option {
         uint16_t global;
  
  struct cmd_job_option {
         uint16_t global;
-       uint16_t groupid;
+       uint16_t truncated;
+       uint32_t groupid;
         uint8_t name[64];
         uint8_t value[128];
  };
         uint8_t name[64];
         uint8_t value[128];
  };
author	Jens Axboe <axboe@fb.com>
	Wed, 16 Dec 2015 04:02:51 +0000 (21:02 -0700)
committer	Jens Axboe <axboe@fb.com>
	Wed, 16 Dec 2015 04:02:51 +0000 (21:02 -0700)
client.c		patch \| blob \| blame \| history
server.c		patch \| blob \| blame \| history
server.h		patch \| blob \| blame \| history