Re: GlusterFS QA efforts - an initial submission

Replying to myself yet again with an update of my QA efforts:

I've now patched 13 security issues out of 37 potential issues detected by 
FlawFinder - these were in glusterfs and xlator/mount/fuse (formerly 
glusterfs-fuse and glusterfsd). Support is added in configure.ac for strlcat 
and strlcpy, and a few other GNU-only functions like asprintf and family, as 
the QA patches (and glusterfs code base) depend on support for these 
functions which may not be available on all POSIX systems. I'm now extending 
my QA efforts into libglusterfs.

I've also fixed a libglusterfs/protocol.c max_block_size issue that prevented 
proper function on some systems (notably, my Gentoo Hardened systems), making 
glusterfs functional on these systems (at least for the QA example specs) for 
the first time since TLA patch-636. 

The protocol.c issue was producing the following non-fatal (but 
function-preventing) server warnings:

2008-02-27 16:38:25 E [protocol.c:330:gf_block_unserialize_transport] server8: frame size (80) > max (-2147415040)
2008-02-27 16:38:30 E [protocol.c:330:gf_block_unserialize_transport] server8: frame size (85) > max (-2147415040)

The code in the pastebins mentioned in my previous posts is now obsolete - 
I've now posted on the gluster Savannah patch tracker an archive of the TLA 
mkpatch output for my most recent changes. These are relative to TLA 
patch-688.

As I've been able to restore glusterfs function on my test system, I'm now 
able to test my work. All the patches appear to work correctly on a Gentoo 
Hardened/i686 system (Athlon 64 Dual Core with 32-bit libraries only) using a 
2.6.23 kernel and FUSE 2.7.2 GLFS8.

I hope others find these patches useful.

Kind regards,

Geoff Kassel.

On Tue, 19 Feb 2008, Geoff Kassel wrote:
> Replying to myself here with some additions and revisions.
>
> Updated changes to glusterfsd/src/glusterfsd.c (comment clarification + TLA
> mkpatch generated now) in http://glusterfs.pastebin.com/f1437e17b
>
> Added QA patch for glusterfs-fuse/src/glusterfs.c in
> http://glusterfs.pastebin.com/f918477b
>
> I can supply an archive of a mkpatch changeset on request.
>
> Cheers,
>
> Geoff Kassel.
>
> On Sun, 17 Feb 2008, Geoff Kassel wrote:
> > Hi all,
> >    I'm starting some QA work on the GlusterFS code base - just using the
> > open-source tool FlawFinder (http://www.dwheeler.com/flawfinder) for now.
> > Here's my QA work on the main GlusterFS daemon file, glusterfsd.c - see
> > my diff at http://glusterfs.pastebin.com/f1437e17b which is applied
> > against TLA patch-666.
> >
> >    The changes build - unfortunately, I can't test it, as I haven't had a
> > version of GlusterFS work properly for me under my Hardened Gentoo
> > systems since patch-636. (Hence why I'm starting the QA efforts.)
> >
> >    Please let me know if my code comments and fixes are inappropriate -
> > especially if I've actually made things worse, security/quality wise.
> >
> > Kind regards,
> >
> > Geoff Kassel.
> >
> >
> > _______________________________________________
> > Gluster-devel mailing list
> > Gluster-devel@xxxxxxxxxx
> > http://lists.nongnu.org/mailman/listinfo/gluster-devel
>
> _______________________________________________
> Gluster-devel mailing list
> Gluster-devel@xxxxxxxxxx
> http://lists.nongnu.org/mailman/listinfo/gluster-devel
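
The following is an added example, not part of the message above and not GlusterFS source. It uses the values from the two quoted warnings to show why a negative limit in a signed frame-size check rejects every frame, next to a check that reports the bad limit instead. The function names are hypothetical, and how the limit became negative is an assumption: the message does not state the root cause.

```c
#include <stdint.h>
#include <stdio.h>

/* Limit exactly as printed in the warnings quoted in the message. */
#define LOGGED_MAX ((int32_t)-2147415040LL)

/* Check of the shape implied by the log text (hypothetical, not the
 * protocol.c code): both operands are signed, so a negative limit makes
 * every non-negative frame size compare as "too large". */
static int frame_rejected_signed(int32_t size, int32_t max)
{
    return size > max;
}

/* The logged limit viewed as an unsigned 32-bit value. A result above
 * INT32_MAX is consistent with a large unsigned limit having been stored
 * in a signed int (assumed cause, not confirmed by the message). */
static uint32_t as_u32(int32_t v)
{
    return (uint32_t)v;
}

typedef enum { FRAME_OK, FRAME_TOO_BIG, LIMIT_INVALID } frame_verdict;

/* Hardened variant: compare in a wider type and treat a non-positive
 * limit as a configuration error, so it is not misreported as an
 * oversized frame from the peer. */
static frame_verdict check_frame(int64_t size, int64_t max)
{
    if (max <= 0)
        return LIMIT_INVALID;
    if (size < 0 || size > max)
        return FRAME_TOO_BIG;
    return FRAME_OK;
}

int main(void)
{
    const int32_t sizes[] = { 80, 85 };   /* frame sizes from the warnings */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("size %d: signed check rejects=%d, hardened verdict=%d\n",
               (int)sizes[i],
               frame_rejected_signed(sizes[i], LOGGED_MAX),
               (int)check_frame(sizes[i], LOGGED_MAX));
    printf("limit as unsigned 32-bit: %lu\n", (unsigned long)as_u32(LOGGED_MAX));
    return 0;
}
```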
