[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Cluster-devel] cluster/cman/daemon daemon.c



CVSROOT:	/cvs/cluster
Module name:	cluster
Branch: 	RHEL50
Changes by:	pcaulfield sourceware org	2007-06-28 08:07:35

Modified files:
	cman/daemon    : daemon.c 

Log message:
	Make sure to cleanup the buffer when processing each request or dirty data
	can be passed from one request to another.
	
	Add a barrier to make sure that the socket data are not bigger than the buffer
	or we overflow somewhere at random.
	
	21:41 #sistina: < feist> pjc:  can you commit that first cman security fix to
	RHEL50, (the rpm has already been built, but it would
	be nice for tracking purposes).

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/cman/daemon/daemon.c.diff?cvsroot=cluster&only_with_tag=RHEL50&r1=1.32&r2=1.32.4.1

--- cluster/cman/daemon/daemon.c	2006/09/14 13:01:06	1.32
+++ cluster/cman/daemon/daemon.c	2007/06/28 08:07:34	1.32.4.1
@@ -147,6 +147,8 @@
 		int len;
 		int totallen = 0;
 
+		memset(buf, 0, (MAX_CLUSTER_MESSAGE + sizeof(struct sock_header)));
+
 		len = read(fd, buf, sizeof(struct sock_header));
 
 		P_DAEMON("read %d bytes from fd %d\n", len, fd);
@@ -175,6 +177,11 @@
 			send_status_return(con, msg->command, -EINVAL);
 			return 0;
 		}
+		if ((msg->length-len) > MAX_CLUSTER_MESSAGE) {
+			P_DAEMON("message on socket is too big\n");
+			send_status_return(con, msg->command, -EINVAL);
+			return 0;
+		}
 
 		totallen = len;
 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]