scjody@clusterfs.com
2007-Mar-27  19:48 UTC
[Lustre-devel] [Bug 12054] New: mkfs.lustre does not perform proper bounds checking on mkfsoptions
Please don't reply to lustre-devel. Instead, comment in Bugzilla by
using the following link:
https://bugzilla.lustre.org/show_bug.cgi?id=12054
mkfs.lustre reads mkfsoptions from the user and stores it in a fixed-length
string buffer with a bounds check to ensure the string from the user fits in
memory.  Unfortunately, it then adds various options to the string from the user
using strcat() without performing additional bounds checks.
Therefore if the user specifies an mkfsoptions string that is too long, the
options added internally will overflow the buffer and the program will behave
erratically.  For example:
]# mkfs.lustre --reformat --mdt --mgs --device-size=10000
--mkfsoptions="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
/tmp/foo
   Permanent disk data:
Target:     lustre-MDTffff
Index:      unassigned
Lustre FS:  lustre
Mount type: ldiskfs
Flags:      0x75
              (MDT MGS needs_index first_time update )
Persistent mount opts: errors=remount-ro,iopen_nopriv,user_xattr
Parameters:
formatting backing filesystem ldiskfs on -i 4096 -I 512 -q -O dir_index -F
        target name  lustre-MDTffff
        4k blocks     2500
        options      
0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDE
-i 4096 -I 512 -q -O dir_index -F
mkfs_cmd = mkfs.ext2 -j -b 4096 -L lustre-MDTffff
0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDE
-i 4096 -I 512 -q -O dir_index -F -i 4096 -I 512 -q -O dir_index -F 2500
   mkfs.ext2: No such file or directory while trying to determine filesystem
size
mkfs.lustre FATAL: Unable to build fs -i 4096 -I 512 -q -O dir_index -F (256)
mkfs.lustre FATAL: mkfs failed 256
   losetup: invalid option -- i
   usage:
     losetup loop_device                                      # give info
     losetup -d loop_device                                   # delete
     losetup [ -e encryption ] [ -o offset ] loop_device file # setup
---
Here, the extra options overflowed into the loop device field and overwrote what
was previously there with "-i 4096 -I 512 -q -O dir_index -F"
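
The pattern described in this report next to a bounds-checked alternative, as an added example that is not part of the original message and is not mkfs.lustre source. The struct layout, the function names and the 128-byte buffer size are assumptions made for illustration; the appended option string is the one visible in the output above.

```c
#include <stdio.h>
#include <string.h>

#define OPTS_LEN 128  /* assumed size; the report does not state the real one */
#define EXTRA_OPTS " -i 4096 -I 512 -q -O dir_index -F"  /* as seen in the output */

/* Hypothetical layout: another field sits directly after the options buffer. */
struct mkfs_demo {
    char opts[OPTS_LEN];
    char loopdev[OPTS_LEN];
};

/* Reported pattern, for comparison only (never called): bounded copy, unbounded strcat(). */
void build_opts_unchecked(struct mkfs_demo *m, const char *user)
{
    strncpy(m->opts, user, OPTS_LEN - 1);
    m->opts[OPTS_LEN - 1] = '\0';
    strcat(m->opts, EXTRA_OPTS);  /* can write past opts[] into loopdev[] */
}

/* Append src only if it fits with its NUL; returns 0, or -1 with dst unchanged. */
int append_checked(char *dst, size_t dstsize, const char *src)
{
    const char *end = memchr(dst, '\0', dstsize);
    size_t used, need = strlen(src);
    if (end == NULL)
        return -1;                /* dst is not terminated inside its buffer */
    used = (size_t)(end - dst);
    if (need >= dstsize - used)
        return -1;                /* no room for src plus terminator */
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* Hardened form: every write is checked; an over-long user string is rejected. */
int build_opts_checked(struct mkfs_demo *m, const char *user)
{
    m->opts[0] = '\0';
    if (append_checked(m->opts, sizeof(m->opts), user) != 0)
        return -1;
    return append_checked(m->opts, sizeof(m->opts), EXTRA_OPTS);
}

int main(void)
{
    struct mkfs_demo m = { "", "/dev/loop0" };  /* constructed sample values */
    printf("rc=%d ", build_opts_checked(&m, "-J size=4"));
    printf("opts=\"%s\" loopdev=%s\n", m.opts, m.loopdev);
    return 0;
}
```

With the checked form, a user string that leaves no room for the internally added options makes the build fail with an error instead of spilling into the neighbouring field.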