CUBRID Engine / ENGINE-106

PATH_MAX not taken into consideration by MAKE_FILEPATH

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 9.2, banana
    • Component/s: CUBRID Engine
    • Labels:
      None
    • Environment:

      Ubuntu any version when building with dpkg-buildpackage

      Description

      At line 478 in broker_config.c the system throws a buffer overflow exception and crashes when starting broker_monitor or shard_admin.

      The reason is the MAKE_FILEPATH in broker_util.h and the fact that it does not properly check the dest variable.

      If you change in broker_config.h the value:
      #define CONF_LOG_FILE_LEN 128

      to 4096 (which is the value of PATH_MAX in Ubuntu), then the crash does not happen.

      The result of the realpath function is of size PATH_MAX (4096) while the buffer in which the result should be stored is of only 128 characters.

      I have attached the callstack of the crash.

      A solution that worked, but of course can lead to other consequences is:

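      {code}
      #include <stdlib.h>  /* realpath */
      #include <string.h>  /* strncpy */
      /* Resolve src into a 4096-byte scratch buffer, then copy at most 127 bytes into dest. */
      #define MAKE_FILEPATH(dest,src) \
      do { \
        if ((src) == NULL || (src)[0] == 0) { \
          (dest)[0] = 0; \
        } else { \
          char cubrid_shard_buff[4096]; \
          char* cubrid_shard_result = realpath ((src), cubrid_shard_buff); \
          if (cubrid_shard_result == NULL) { \
            strncpy ((dest), (src), 127); \
          } else { \
            strncpy ((dest), cubrid_shard_buff, 127); \
          } \
          (dest)[127] = 0; /* strncpy does not terminate a truncated copy */ \
        } \
      } while (0)
      {code}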

      The 4096 should be replaced with PATH_MAX, or 4096 if no path_max variable is found, while the 127 should be replaced with the size of the dest directory - 1 (here is the main issue, as the size cannot be obtained from MAKE_FILEPATH, so it should most likely be given as a parameter for every call of MAKE_FILEPATH).

      1. error.txt
        2 kB
        Veliscu Ovidiu
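
      The description's suggestion of passing the destination size on every call, sketched as an added example (not CUBRID's code and not the fix that was shipped). `make_filepath` and `MAKE_FILEPATH_SAFE` are hypothetical names; unlike the posted macro, this version rejects a path that does not fit instead of truncating it.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for realpath() under strict -std= modes */
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096       /* fallback named in the report */
#endif

/* Hypothetical bounded replacement for MAKE_FILEPATH.
   Returns 0 on success; -1 (dest left empty, errno = ENAMETOOLONG)
   when the path does not fit in dest_size bytes including the NUL. */
static int make_filepath(char *dest, size_t dest_size, const char *src)
{
    char resolved[PATH_MAX];   /* realpath() may write up to PATH_MAX bytes */
    const char *path;
    size_t len;

    if (dest == NULL || dest_size == 0)
        return -1;
    dest[0] = '\0';
    if (src == NULL || src[0] == '\0')
        return 0;

    path = realpath(src, resolved);
    if (path == NULL)
        path = src;            /* same fallback as the macro in the report */

    len = strlen(path);
    if (len >= dest_size) {    /* refuse to truncate: a cut path names a different file */
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dest, path, len + 1);
    return 0;
}

/* Only valid when dest is a true array, so that sizeof gives its capacity. */
#define MAKE_FILEPATH_SAFE(dest, src) make_filepath((dest), sizeof(dest), (src))

int main(void)
{
    char log_file[128];        /* CONF_LOG_FILE_LEN from the report */
    if (MAKE_FILEPATH_SAFE(log_file, "/") != 0) { perror("make_filepath"); return 1; }
    puts(log_file);
    return 0;
}
```

      Callers that hold only a pointer to the buffer must call `make_filepath` with the real capacity, because `sizeof` on a pointer yields the pointer size.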

          Activity

          ovidiu.veliscu Veliscu Ovidiu added a comment -

          I tested the 9.2 latest source to see if the issue has been fixed.

          The cubrid_broker works fine now, but running shard_broker_monitor gives the same error.

          This issue (shard_broker_monitor fail) occurred with CUBRID 8.4.3 also, so it is very likely to occur with CUBRID 8.4.4 as well.

          Note: The error is the same buffer overflow detected issue.

          eugen.stoianovici Eugen Stoianovici added a comment -

          Is it the same issue? Can you post a call stack?

          ovidiu.veliscu Veliscu Ovidiu added a comment -

          It's the exact same error. It just still occurs in shard_broker_monitor for CUBRID 8.4.3 and 9.2. In CUBRID 9.1 it occurred for cubrid_broker also.


          kadishmal Esen Sagynov added a comment -

          Have reopened BTS issue and reported your observations. http://bts4.nhncorp.com/nhnbts/browse/CUBRIDSUS-10918?focusedCommentId=4645748&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-4645748

          kadishmal Esen Sagynov added a comment -

          The developer has fixed this issue and has left the following comment.

          A regression of other issue is fixed. Please, do a test.


            People

            • Assignee:
              kadishmal Esen Sagynov
              Reporter:
              ovidiu.veliscu Veliscu Ovidiu