rpms/ganglia/EL-5 gmetad-bof-dos.patch,NONE,1.1
Kostas Georgiou
georgiou at fedoraproject.org
Tue Jan 20 22:01:38 UTC 2009
- Previous message (by thread): rpms/ganglia/EL-5 .cvsignore, 1.4, 1.5 ganglia.spec, 1.7, 1.8 sources, 1.4, 1.5
- Next message (by thread): rpms/gnome-media/devel .cvsignore, 1.48, 1.49 gnome-media.spec, 1.150, 1.151 sources, 1.47, 1.48
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: georgiou
Update of /cvs/extras/rpms/ganglia/EL-5
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5575
Added Files:
gmetad-bof-dos.patch
Log Message:
The patch
gmetad-bof-dos.patch:
--- NEW FILE gmetad-bof-dos.patch ---
--- gmetad/server.c.orig
+++ gmetad/server.c
@@ -11,6 +11,7 @@
#include "dtd.h"
#include "gmetad.h"
#include "my_inet_ntop.h"
+#include <stdlib.h>
extern g_tcp_socket *server_socket;
extern pthread_mutex_t server_socket_mutex;
@@ -370,14 +371,13 @@ tree_report(datum_t *key, datum_t *val, void *arg)
/* sacerdoti: This function does a tree walk while respecting the filter path.
* Will return valid XML even if we have chosen a subtree. Since tree depth is
- * bounded, this function guarantees O(1) search time. The recursive structure
- * does not require any memory allocations.
+ * bounded, this function guarantees O(1) search time.
*/
static int
process_path (client_t *client, char *path, datum_t *myroot, datum_t *key)
{
char *p, *q, *pathend;
- char element[256];
+ char *element;
int rc, len;
datum_t *found;
datum_t findkey;
@@ -419,6 +419,10 @@ process_path (client_t *client, char *path, datum_t *myroot, datum_t *key)
if (!q) q=pathend;
len = q-p;
+ element = malloc(len + 1);
+ if ( element == NULL )
+ return 1;
+
strncpy(element, p, len);
element[len] = '\0';
@@ -435,10 +439,13 @@ process_path (client_t *client, char *path, datum_t *myroot, datum_t *key)
rc = process_path(client, q, found, &findkey);
datum_free(found);
+ free(element);
}
else
{
- rc = process_path(client, 0, myroot, NULL);
+ /* element not found */
+ free(element);
+ return 1;
}
}
if (rc) return 1;
@@ -537,7 +544,7 @@ server_thread (void *arg)
socklen_t len;
client_t client;
char remote_ip[16];
- char request[REQUESTLEN];
+ char request[REQUESTLEN + 1];
llist_entry *le;
datum_t rootdatum;
@@ -600,8 +607,8 @@ server_thread (void *arg)
if (process_request(&client, request))
{
err_msg("Got a malformed path request from %s", remote_ip);
- /* Send them the entire tree to discourage attacks. */
- strcpy(request, "/");
+ close(client.fd);
+ continue;
}
}
else
- Previous message (by thread): rpms/ganglia/EL-5 .cvsignore, 1.4, 1.5 ganglia.spec, 1.7, 1.8 sources, 1.4, 1.5
- Next message (by thread): rpms/gnome-media/devel .cvsignore, 1.48, 1.49 gnome-media.spec, 1.150, 1.151 sources, 1.47, 1.48
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list