
Re: [lvm-devel] [PATCH 2/2] Do not send random bytes in message



On 2.3.2011 19:09, Zdenek Kabelac wrote:
> Fixing a few issues:
> 
> struct clvm_header contains 'char args[1]' - so adding '+ 1' here
> for the message length calculation is not correct - we end up with a longer
> message where the last byte is uninitialized and passed to the write function.
> 
> xid and clientid are initialized to 0.
> 
> Memory allocation is checked for NULL - though it's not really clear what
> should happen in this case - so just log the message - probably it will
> fail a few moments later...
> 

Needs also updated arglen parameter - so attaching updated patch.

Zdenek
Fixing a few issues:

struct clvm_header contains 'char args[1]' - so adding '+ 1' here
for message length calculation is not correct - we end up with a longer
message with the last byte uninitialized and passed to the write function.
Update also related arglen.

xid and clientid are initialized to 0.

Memory allocation is checked for NULL - though it's not really clear what
should happen in this case - so just log the message - it will fail a few
moments later probably....

mer
---
 daemons/clvmd/clvmd.c |   11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/daemons/clvmd/clvmd.c b/daemons/clvmd/clvmd.c
index 00d330d..439a82c 100644
--- a/daemons/clvmd/clvmd.c
+++ b/daemons/clvmd/clvmd.c
@@ -1743,13 +1743,18 @@ static void send_local_reply(struct local_client *client, int status, int fd)
 	}
 
 	/* Add in the size of our header */
-	message_len = message_len + sizeof(struct clvm_header) + 1;
-	replybuf = malloc(message_len);
+	message_len = message_len + sizeof(struct clvm_header);
+	if (!(replybuf = malloc(message_len))) {
+		DEBUGLOG("Memory allocation fails\n");
+		return;
+	}
 
 	clientreply = (struct clvm_header *) replybuf;
 	clientreply->status = status;
 	clientreply->cmd = CLVMD_CMD_REPLY;
 	clientreply->node[0] = '\0';
+	clientreply->xid = 0;
+	clientreply->clientid = 0;
 	clientreply->flags = 0;
 
 	ptr = clientreply->args;
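Review bot: the new malloc failure branch at the top of this hunk returns after a DEBUGLOG without writing anything to fd, so the local client this reply was meant for gets neither a status nor an error, and the commit message itself says the intended behaviour is unclear. Either send a minimal error reply from a stack buffer or add a comment at the `return` saying what is expected to clean up the client. Separately, xid and clientid are zeroed field by field on a malloc'd buffer; zeroing the whole header with calloc or one memset would also cover any field or padding a later edit forgets, which is the class of bug the subject line is about. The log text would read better as "Memory allocation failed".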
@@ -1784,7 +1789,7 @@ static void send_local_reply(struct local_client *client, int status, int fd)
 	/* Terminate with an empty node name */
 	*ptr = '\0';
 
-	clientreply->arglen = ptr - clientreply->args + 1;
+	clientreply->arglen = ptr - clientreply->args;
 
 	/* And send it */
 	send_message(replybuf, message_len, our_csid, fd,
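Review bot: with the '+ 1' dropped, arglen no longer counts the '\0' stored through `*ptr` a few lines above, and nothing at the assignment says that this byte is the one already covered by `args[1]` inside sizeof(struct clvm_header). A one-line comment there would keep the '+ 1' from being reintroduced. Since message_len is computed before the buffer is filled and arglen after, and if the two are meant to agree, a check before send_message that message_len equals sizeof(struct clvm_header) plus arglen would catch them drifting apart again. It is also worth confirming that whatever reads arglen on the receiving side does not expect the terminator to be counted.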
-- 
1.7.4.1
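
The sizing error the commit message describes, as an added example that is not code from the patch or from LVM. `demo_header`, `reply_stats` and `build_reply` are constructed names, the header field layout is assumed, and the buffer is pre-filled with 0xAA so that bytes malloc would leave uninitialized become visible.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define POISON 0xAA /* stands in for stale heap data returned by malloc() */

/* Constructed stand-in for struct clvm_header: the field layout is assumed,
 * only the trailing 'char args[1]' comes from the patch description. */
struct demo_header {
	uint8_t cmd, flags;
	uint16_t xid;
	uint32_t clientid, arglen;
	int32_t status;
	char node[1];
	char args[1];
} __attribute__((packed));

/* message_len: bytes handed to the sender; arglen: value stored in the header;
 * stale: trailing bytes that would be sent but were never written. */
struct reply_stats { size_t message_len, arglen, stale; };

/* Build a one-string reply; extra = 1 is the old "+ 1" sizing of message_len
 * and arglen, extra = 0 the patched sizing. */
static struct reply_stats build_reply(const char *text, size_t extra)
{
	struct reply_stats st = { 0, 0, 0 };
	size_t body = strlen(text) + 1; /* text plus its NUL */
	size_t len = body + sizeof(struct demo_header) + extra;
	unsigned char *buf = malloc(len);
	if (!buf)
		return st;
	struct demo_header *h = (struct demo_header *)buf;
	char *args = (char *)buf + offsetof(struct demo_header, args), *ptr = args;
	memset(buf, POISON, len);                         /* simulate dirty heap */
	memset(h, 0, offsetof(struct demo_header, args)); /* all header fields */
	memcpy(ptr, text, body);
	ptr += body;
	*ptr = '\0'; /* empty node name: the byte args[1] already accounts for */
	h->arglen = (uint32_t)((size_t)(ptr - args) + extra);
	st.message_len = len;
	st.arglen = h->arglen;
	for (size_t i = len; i > 0 && buf[i - 1] == POISON; i--)
		st.stale++;
	free(buf);
	return st;
}

int main(void) { return (int)build_reply("ok", 0).stale; } /* exit status 0 */
```

With `extra = 1` one trailing byte keeps the poison value; with `extra = 0` the terminator is the last byte of the message, and in both cases `message_len` equals `sizeof(struct demo_header) + arglen`.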

