commit 8ec218f0e1afb8d0f26b7ae1dd3f055059350eb5
Author: David Teigland <teigland(a)redhat.com>
AuthorDate: Thu Oct 9 13:40:09 2025 -0500
sanlock: verify input paths are terminated
---
src/client.c | 69 ++++++++++++++++++++++++++++++++++++-------
src/cmd.c | 95 +++++++++++++++++++++++++++++++++++++++++++++++++-----------
2 files changed, 137 insertions(+), 27 deletions(-)
diff --git a/src/client.c b/src/client.c
index 3483036..0d5c51b 100644
--- a/src/client.c
+++ b/src/client.c
@@ -183,10 +183,28 @@ retry:
return 0;
}
+static int validate_res_disk_paths(struct sanlk_resource *res)
+{
+ int i;
+
+ if (!res)
+ return -EINVAL;
+
+ for (i = 0; i < res->num_disks; i++) {
+ if (!memchr(res->disks[i].path, '\0', SANLK_PATH_LEN))
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
static int cmd_lockspace(int cmd, struct sanlk_lockspace *ls, uint32_t flags, uint32_t data)
{
int rv, fd;
+ if (!ls || !ls->host_id_disk.path[0] || !memchr(ls->host_id_disk.path, '\0', SANLK_PATH_LEN))
+ return -EINVAL;
+
rv = connect_socket(&fd);
if (rv < 0)
return rv;
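Review bot: validate_res_disk_paths indexes `res->disks[i]` up to `res->num_disks` without bounding it, so any caller that reaches the helper without its own SANLK_MAX_DISKS check (sanlock_acquire has one, sanlock_request visibly does not) reads past the disks array on a malformed resource; since the helper is now the shared entry point, add `if (res->num_disks > SANLK_MAX_DISKS) return -EINVAL;` before the loop. The daemon side rejects an empty path alongside an unterminated one, while this helper checks termination only, so an empty path in disks[1..] passes the client and is refused by the daemon with -ENODEV; if that is not intended, extend the condition with `|| !res->disks[i].path[0]`. A one-line contract comment would also help, e.g. `/* every disk path must contain a NUL within SANLK_PATH_LEN so the daemon can treat it as a C string */`. cmd_lockspace continues past the end of this hunk.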
@@ -477,7 +495,7 @@ int sanlock_read_lockspace_host(struct sanlk_lockspace *ls, uint32_t flags, uint
struct sm_header h;
int rv, fd;
- if (!ls || !ls->host_id_disk.path[0])
+ if (!ls || !ls->host_id_disk.path[0] || !memchr(ls->host_id_disk.path, '\0', SANLK_PATH_LEN))
return -EINVAL;
rv = connect_socket(&fd);
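Review bot: The predicate `!ls->host_id_disk.path[0] || !memchr(ls->host_id_disk.path, '\0', SANLK_PATH_LEN)` is now copied verbatim into eight lockspace and rindex entry points in this file, which is the kind of duplication that drifts when a check is tightened later; a small helper alongside validate_res_disk_paths, `static int validate_ls_path(const struct sanlk_lockspace *ls)`, would mirror the daemon's validate_lockspace_path and give the callers one line to read. This is a point of style only; the check itself is correct as written.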
@@ -547,7 +565,7 @@ int sanlock_read_lockspace(struct sanlk_lockspace *ls, uint32_t flags, uint32_t
struct sm_header h;
int rv, fd;
- if (!ls || !ls->host_id_disk.path[0])
+ if (!ls || !ls->host_id_disk.path[0] || !memchr(ls->host_id_disk.path, '\0', SANLK_PATH_LEN))
return -EINVAL;
rv = connect_socket(&fd);
@@ -612,6 +630,10 @@ int sanlock_read_resource(struct sanlk_resource *res, uint32_t flags)
!res->disks[0].path[0])
return -EINVAL;
+ rv = validate_res_disk_paths(res);
+ if (rv < 0)
+ return rv;
+
rv = connect_socket(&fd);
if (rv < 0)
return rv;
@@ -678,7 +700,8 @@ int sanlock_init_lockspace_host(struct sanlk_lockspace *ls,
char name[NAME_ID_SIZE + 1] = { 0 };
int rv, fd;
- if (!ls || !ls->name[0] || !ls->host_id_disk.path[0] || !ls->host_id)
+ if (!ls || !ls->name[0] || !ls->host_id_disk.path[0] || !ls->host_id ||
+ !memchr(ls->host_id_disk.path, '\0', SANLK_PATH_LEN))
return -EINVAL;
leader.owner_generation = generation;
@@ -722,7 +745,7 @@ int sanlock_write_lockspace(struct sanlk_lockspace *ls, int max_hosts,
{
int rv, fd;
- if (!ls || !ls->host_id_disk.path[0])
+ if (!ls || !ls->host_id_disk.path[0] || !memchr(ls->host_id_disk.path, '\0', SANLK_PATH_LEN))
return -EINVAL;
rv = connect_socket(&fd);
@@ -756,6 +779,10 @@ int sanlock_write_resource(struct sanlk_resource *res,
!res->disks[0].path[0])
return -EINVAL;
+ rv = validate_res_disk_paths(res);
+ if (rv < 0)
+ return rv;
+
rv = connect_socket(&fd);
if (rv < 0)
return rv;
@@ -796,6 +823,10 @@ int sanlock_read_resource_owners(struct sanlk_resource *res, uint32_t flags,
!res->disks[0].path[0])
return -EINVAL;
+ rv = validate_res_disk_paths(res);
+ if (rv < 0)
+ return rv;
+
rv = connect_socket(&fd);
if (rv < 0)
return rv;
@@ -1282,6 +1313,10 @@ int sanlock_acquire2(int sock, int pid, uint32_t flags,
if (res->num_disks != 1)
return -EINVAL;
+ rv = validate_res_disk_paths(res);
+ if (rv < 0)
+ return rv;
+
if (opt_in)
memcpy(&opt, opt_in, sizeof(struct sanlk_options));
@@ -1379,6 +1414,10 @@ int sanlock_acquire(int sock, int pid, uint32_t flags, int res_count,
if (res->num_disks > SANLK_MAX_DISKS)
return -EINVAL;
+ rv = validate_res_disk_paths(res);
+ if (rv < 0)
+ return rv;
+
datalen += (res->num_disks * sizeof(struct sanlk_disk));
}
@@ -1623,6 +1662,10 @@ int sanlock_request(uint32_t flags, uint32_t force_mode,
if (!res)
return -EINVAL;
+ rv = validate_res_disk_paths(res);
+ if (rv < 0)
+ return rv;
+
datalen = sizeof(struct sanlk_resource) +
sizeof(struct sanlk_disk) * res->num_disks;
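Review bot: Nothing visible in this hunk bounds `res->num_disks` before validate_res_disk_paths iterates `res->disks[0..num_disks)` and `datalen` is computed from it, whereas sanlock_acquire checks `res->num_disks > SANLK_MAX_DISKS` first; unless a bound exists above the hunk, an oversized count over-reads the caller's struct inside the new loop. Add `if (res->num_disks > SANLK_MAX_DISKS) return -EINVAL;` between the NULL check and the path validation. sanlock_request's body continues outside the hunk.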
@@ -1666,6 +1709,8 @@ int sanlock_examine(uint32_t flags, struct sanlk_lockspace *ls,
return rv;
if (ls && ls->host_id_disk.path[0]) {
+ if (!memchr(ls->host_id_disk.path, '\0', SANLK_PATH_LEN))
+ return -EINVAL;
cmd = SM_CMD_EXAMINE_LOCKSPACE;
datalen = sizeof(struct sanlk_lockspace);
data = (char *)ls;
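Review bot: If the `return rv;` at the top of this hunk is the connect_socket failure path, as its position in the other entry points suggests, then `fd` is already open when the new `return -EINVAL;` runs, and the socket leaks on every rejected lockspace path. Either perform the termination check before connecting, or route the failure through the existing cleanup: `rv = -EINVAL; goto out;` (assuming the function's `out:` label closes `fd`, which is outside the hunk). The rest of sanlock_examine is not visible here.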
@@ -1799,7 +1844,7 @@ int sanlock_format_rindex(struct sanlk_rindex *rx, uint32_t flags)
{
int rv, fd;
- if (!rx || !rx->lockspace_name[0] || !rx->disk.path[0])
+ if (!rx || !rx->lockspace_name[0] || !rx->disk.path[0] || !memchr(rx->disk.path, '\0', SANLK_PATH_LEN))
return -EINVAL;
rv = connect_socket(&fd);
@@ -1827,7 +1872,7 @@ int sanlock_rebuild_rindex(struct sanlk_rindex *rx, uint32_t flags)
{
int rv, fd;
- if (!rx || !rx->lockspace_name[0] || !rx->disk.path[0])
+ if (!rx || !rx->lockspace_name[0] || !rx->disk.path[0] || !memchr(rx->disk.path, '\0', SANLK_PATH_LEN))
return -EINVAL;
rv = connect_socket(&fd);
@@ -1859,7 +1904,8 @@ int sanlock_update_rindex(struct sanlk_rindex *rx, uint32_t flags,
memset(&re_recv, 0, sizeof(re_recv));
- if (!rx || !rx->lockspace_name[0] || !rx->disk.path[0] || !re)
+ if (!rx || !rx->lockspace_name[0] || !rx->disk.path[0] || !re ||
+ !memchr(rx->disk.path, '\0', SANLK_PATH_LEN))
return -EINVAL;
rv = connect_socket(&fd);
@@ -1915,7 +1961,8 @@ int sanlock_lookup_rindex(struct sanlk_rindex *rx, uint32_t flags,
memset(&re_recv, 0, sizeof(re_recv));
- if (!rx || !rx->lockspace_name[0] || !rx->disk.path[0] || !re)
+ if (!rx || !rx->lockspace_name[0] || !rx->disk.path[0] || !re ||
+ !memchr(rx->disk.path, '\0', SANLK_PATH_LEN))
return -EINVAL;
rv = connect_socket(&fd);
@@ -1972,7 +2019,8 @@ int sanlock_create_resource(struct sanlk_rindex *rx, uint32_t flags,
memset(&re_recv, 0, sizeof(re_recv));
- if (!rx || !rx->lockspace_name[0] || !rx->disk.path[0] || !re)
+ if (!rx || !rx->lockspace_name[0] || !rx->disk.path[0] || !re ||
+ !memchr(rx->disk.path, '\0', SANLK_PATH_LEN))
return -EINVAL;
rv = connect_socket(&fd);
@@ -2028,7 +2076,8 @@ int sanlock_delete_resource(struct sanlk_rindex *rx, uint32_t flags,
memset(&re_recv, 0, sizeof(re_recv));
- if (!rx || !rx->lockspace_name[0] || !rx->disk.path[0] || !re)
+ if (!rx || !rx->lockspace_name[0] || !rx->disk.path[0] || !re ||
+ !memchr(rx->disk.path, '\0', SANLK_PATH_LEN))
return -EINVAL;
rv = connect_socket(&fd);
diff --git a/src/cmd.c b/src/cmd.c
index f7eaecc..63cd22d 100644
--- a/src/cmd.c
+++ b/src/cmd.c
@@ -342,10 +342,16 @@ static void cmd_acquire(struct task *task, struct cmd_args *ca, uint32_t cmd)
goto done;
}
- /* zero out pad1 and pad2, see WARNING above */
for (j = 0; j < token->r.num_disks; j++) {
+ /* zero out pad1 and pad2, see WARNING above */
token->disks[j].sector_size = 0;
token->disks[j].fd = -1;
+
+ if (!token->disks[j].path[0] || !memchr(token->disks[j].path, '\0', SANLK_PATH_LEN)) {
+ free(token);
+ result = -ENODEV;
+ goto done;
+ }
}
token->token_id = token_id_counter++;
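Review bot: The per-disk path check added inside this loop is repeated verbatim in cmd_request, cmd_read_resource, cmd_read_resource_owners and cmd_write_resource, while the lockspace side got a `validate_lockspace_path` helper; a matching `static int validate_token_disk_paths(const struct token *token)` would keep the five copies from drifting. Unlike the lockspace helper, these resource rejections emit no log line, so a malformed request is refused with -ENODEV silently; consider a `log_error("Invalid resource disk path.")` in the helper for consistency. The `free(token)` before `goto done` looks right given the preceding error paths, but the `done:` label is outside the hunk so this is inferred.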
@@ -1092,10 +1098,15 @@ static void cmd_request(struct task *task, struct cmd_args *ca, uint32_t cmd)
goto reply_free;
}
- /* zero out pad1 and pad2, see WARNING above */
for (j = 0; j < token->r.num_disks; j++) {
+ /* zero out pad1 and pad2, see WARNING above */
token->disks[j].sector_size = 0;
token->disks[j].fd = -1;
+
+ if (!token->disks[j].path[0] || !memchr(token->disks[j].path, '\0', SANLK_PATH_LEN)) {
+ result = -ENODEV;
+ goto reply_free;
+ }
}
log_cmd(cmd, "cmd_request %d,%d force_mode %u %.48s:%.48s:%.256s:%llu",
@@ -1347,6 +1358,15 @@ void daemon_shutdown_reply(void)
client_resume(shutdown_reply_ci);
}
+static int validate_lockspace_path(struct sanlk_lockspace *ls)
+{
+ if (!ls->host_id_disk.path[0] || !memchr(ls->host_id_disk.path, '\0', SANLK_PATH_LEN)) {
+ log_error("Invalid lockspace path.");
+ return -ENODEV;
+ }
+ return 0;
+}
+
static void cmd_add_lockspace(struct cmd_args *ca, uint32_t cmd)
{
struct sanlk_lockspace lockspace;
@@ -1366,6 +1386,12 @@ static void cmd_add_lockspace(struct cmd_args *ca, uint32_t cmd)
goto reply;
}
+ rv = validate_lockspace_path(&lockspace);
+ if (rv < 0) {
+ result = rv;
+ goto reply;
+ }
+
log_cmd(cmd, "cmd_add_lockspace %d,%d %.48s:%llu:%s:%llu flags %x timeout %u",
ca->ci_in, fd, lockspace.name,
(unsigned long long)lockspace.host_id,
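Review bot: validate_lockspace_path only reads through `ls`, so the parameter should be `const struct sanlk_lockspace *ls`. Its single message "Invalid lockspace path." does not distinguish an empty path from an unterminated one and carries no client identifier, which makes the rejection hard to attribute in the daemon log; a short purpose comment on the helper would also help, e.g. `/* reject a lockspace whose host_id_disk.path is empty or not NUL-terminated within SANLK_PATH_LEN; runs before log_cmd prints the path with %s */`. Placing the call before log_cmd is the right order here, since the format string prints the path with an unbounded `%s`.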
@@ -1415,6 +1441,12 @@ static void cmd_inq_lockspace(struct cmd_args *ca, uint32_t cmd)
goto reply;
}
+ rv = validate_lockspace_path(&lockspace);
+ if (rv < 0) {
+ result = rv;
+ goto reply;
+ }
+
log_cmd(cmd, "cmd_inq_lockspace %d,%d %.48s:%llu:%s:%llu flags %x",
ca->ci_in, fd, lockspace.name,
(unsigned long long)lockspace.host_id,
@@ -1499,6 +1531,12 @@ static void cmd_rem_lockspace(struct cmd_args *ca, uint32_t cmd)
goto reply;
}
+ rv = validate_lockspace_path(&lockspace);
+ if (rv < 0) {
+ result = rv;
+ goto reply;
+ }
+
log_cmd(cmd, "cmd_rem_lockspace %d,%d %.48s flags %x",
ca->ci_in, fd, lockspace.name, ca->header.cmd_flags);
@@ -1549,7 +1587,7 @@ static void cmd_align(struct task *task GNUC_UNUSED, struct cmd_args *ca, uint32
log_cmd(cmd, "cmd_align %d,%d", ca->ci_in, fd);
- if (!disk.path[0]) {
+ if (!disk.path[0] || !memchr(disk.path, '\0', SANLK_PATH_LEN)) {
result = -ENODEV;
goto reply;
}
@@ -1596,6 +1634,12 @@ static void cmd_read_lockspace(struct task *task, struct cmd_args *ca, uint32_t
goto reply;
}
+ rv = validate_lockspace_path(&lockspace);
+ if (rv < 0) {
+ result = rv;
+ goto reply;
+ }
+
if (!lockspace.host_id)
host_id = 1;
else
@@ -1608,11 +1652,6 @@ static void cmd_read_lockspace(struct task *task, struct cmd_args *ca, uint32_t
lockspace.host_id_disk.path,
(unsigned long long)lockspace.host_id_disk.offset);
- if (!lockspace.host_id_disk.path[0]) {
- result = -ENODEV;
- goto reply;
- }
-
memset(&sd, 0, sizeof(struct sync_disk));
memcpy(&sd, &lockspace.host_id_disk, sizeof(struct sanlk_disk));
sd.fd = -1;
@@ -1729,10 +1768,15 @@ static void cmd_read_resource(struct task *task, struct cmd_args *ca, uint32_t c
goto reply;
}
- /* zero out pad1 and pad2, see WARNING above */
for (j = 0; j < token->r.num_disks; j++) {
+ /* zero out pad1 and pad2, see WARNING above */
token->disks[j].sector_size = 0;
token->disks[j].fd = -1;
+
+ if (!token->disks[j].path[0] || !memchr(token->disks[j].path, '\0', SANLK_PATH_LEN)) {
+ result = -ENODEV;
+ goto reply;
+ }
}
log_cmd(cmd, "cmd_read_resource %d,%d %.256s:%llu",
@@ -1830,10 +1874,15 @@ static void cmd_read_resource_owners(struct task *task, struct cmd_args *ca, uin
goto reply;
}
- /* zero out pad1 and pad2, see WARNING above */
for (j = 0; j < token->r.num_disks; j++) {
+ /* zero out pad1 and pad2, see WARNING above */
token->disks[j].sector_size = 0;
token->disks[j].fd = -1;
+
+ if (!token->disks[j].path[0] || !memchr(token->disks[j].path, '\0', SANLK_PATH_LEN)) {
+ result = -ENODEV;
+ goto reply;
+ }
}
log_cmd(cmd, "cmd_read_resource_owners %d,%d %.256s:%llu",
@@ -1910,6 +1959,12 @@ static void cmd_init_lockspace_host(struct task *task, struct cmd_args *ca, uint
goto reply;
}
+ rv = validate_lockspace_path(&lockspace);
+ if (rv < 0) {
+ result = rv;
+ goto reply;
+ }
+
log_cmd(cmd, "cmd_init_lockspace_host %d,%d %.48s:%llu:%s:%llu 0x%x",
ca->ci_in, fd, lockspace.name,
(unsigned long long)lockspace.host_id,
@@ -1917,7 +1972,7 @@ static void cmd_init_lockspace_host(struct task *task, struct cmd_args *ca, uint
(unsigned long long)lockspace.host_id_disk.offset,
lockspace.flags);
- if (!lockspace.host_id_disk.path[0] || !lockspace.host_id) {
+ if (!lockspace.host_id) {
result = -EINVAL;
goto reply;
}
@@ -1969,6 +2024,12 @@ static void cmd_write_lockspace(struct task *task, struct cmd_args *ca, uint32_t
goto reply;
}
+ rv = validate_lockspace_path(&lockspace);
+ if (rv < 0) {
+ result = rv;
+ goto reply;
+ }
+
log_cmd(cmd, "cmd_write_lockspace %d,%d %.48s:%llu:%s:%llu 0x%x",
ca->ci_in, fd, lockspace.name,
(unsigned long long)lockspace.host_id,
@@ -1976,11 +2037,6 @@ static void cmd_write_lockspace(struct task *task, struct cmd_args *ca, uint32_t
(unsigned long long)lockspace.host_id_disk.offset,
lockspace.flags);
- if (!lockspace.host_id_disk.path[0]) {
- result = -ENODEV;
- goto reply;
- }
-
/* No longer used, max_hosts is derived from sector/align sizes. */
/* max_hosts = ca->header.data; */
@@ -2062,10 +2118,15 @@ static void cmd_write_resource(struct task *task, struct cmd_args *ca, uint32_t
goto reply;
}
- /* zero out pad1 and pad2, see WARNING above */
for (j = 0; j < token->r.num_disks; j++) {
+ /* zero out pad1 and pad2, see WARNING above */
token->disks[j].sector_size = 0;
token->disks[j].fd = -1;
+
+ if (!token->disks[j].path[0] || !memchr(token->disks[j].path, '\0', SANLK_PATH_LEN)) {
+ result = -ENODEV;
+ goto reply;
+ }
}
log_cmd(cmd, "cmd_write_resource %d,%d %.48s:%.48s:%.256s:%llu 0x%x",
--