[ctdb][PATCH] fix a potential buffer overflow
Sumit Bose
sbose at redhat.com
Mon Jun 22 03:11:30 MDT 2009
Hi,
please find enclosed two patches addressing potential memory handling
problems in ctdb.
bye,
Sumit
-------------- next part --------------
>From 628ea89d03a2cfc0af38b41b6b88163a33b510b1 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose at redhat.com>
Date: Thu, 4 Jun 2009 14:26:24 +0200
Subject: [PATCH] add checks on talloc_size return value
---
common/ctdb_util.c | 11 ++++++++---
ib/ibwrapper_test.c | 2 ++
tests/src/ctdb_bench.c | 3 +++
3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/common/ctdb_util.c b/common/ctdb_util.c
index d64f515..2567934 100644
--- a/common/ctdb_util.c
+++ b/common/ctdb_util.c
@@ -333,12 +333,17 @@ struct ctdb_rec_data *ctdb_marshall_loop_next(struct ctdb_marshall_buffer *m, st
*/
void ctdb_set_scheduler(struct ctdb_context *ctdb)
{
-#if HAVE_SCHED_SETSCHEDULER
+#if HAVE_SCHED_SETSCHEDULER
struct sched_param p;
if (ctdb->saved_scheduler_param == NULL) {
ctdb->saved_scheduler_param = talloc_size(ctdb, sizeof(p));
+ /* maybe not all sched_getparam implemenations can handle NULL */
+ if (ctdb->saved_scheduler_param == NULL) {
+ DEBUG(DEBUG_ERR,("talloc_size failed\n"));
+ return;
+ }
}
-
+
if (sched_getparam(0, (struct sched_param *)ctdb->saved_scheduler_param) == -1) {
DEBUG(DEBUG_ERR,("Unable to get old scheduler params\n"));
return;
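Review bot: The new failure branch in ctdb_set_scheduler logs only `talloc_size failed`, which tells an operator neither where the allocation failed nor that the scheduler change was skipped. Since the function returns void, the log line is the only trace of the early return, so it should carry that context, for example `DEBUG(DEBUG_ERR,(__location__ " talloc_size failed, scheduler left unchanged\n"));`. The function body continues past the end of this hunk.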
@@ -348,7 +353,7 @@ void ctdb_set_scheduler(struct ctdb_context *ctdb)
p.sched_priority = 1;
if (sched_setscheduler(0, SCHED_FIFO, &p) == -1) {
- DEBUG(DEBUG_CRIT,("Unable to set scheduler to SCHED_FIFO (%s)\n",
+ DEBUG(DEBUG_CRIT,("Unable to set scheduler to SCHED_FIFO (%s)\n",
strerror(errno)));
} else {
DEBUG(DEBUG_NOTICE,("Set scheduler to SCHED_FIFO\n"));
diff --git a/ib/ibwrapper_test.c b/ib/ibwrapper_test.c
index b9c80ae..7eb26e2 100644
--- a/ib/ibwrapper_test.c
+++ b/ib/ibwrapper_test.c
@@ -439,6 +439,7 @@ int ibwtest_parse_attrs(struct ibwtest_ctx *tcx, char *optext,
attrs = (struct ibw_initattr *)talloc_size(tcx,
n * sizeof(struct ibw_initattr));
+ if (attrs == NULL) return -1;
for(p = optext; *p!='\0'; p++) {
if (porcess_next) {
attrs[i].name = p;
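Review bot: The size passed to talloc_size in ibwtest_parse_attrs is the unchecked product `n * sizeof(struct ibw_initattr)`, so the added NULL check catches an allocation failure but not a wrapped size that yields a buffer smaller than the loop expects. `attrs = talloc_array(tcx, struct ibw_initattr, n);` lets talloc reject an overflowing count and also removes the cast. The ibwtest_getdests hunk has the same pattern with `tcx->naddrs * sizeof(struct sockaddr_in)`. How n is derived is outside this hunk, so whether it can actually grow that large is unconfirmed.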
@@ -493,6 +494,7 @@ int ibwtest_getdests(struct ibwtest_ctx *tcx, char op)
tcx->addrs = talloc_size(tcx,
tcx->naddrs * sizeof(struct sockaddr_in));
+ if (tcx->attrs == NULL) return -1;
for(i=0; i<tcx->naddrs; i++) {
p = tcx->addrs + i;
p->sin_family = AF_INET;
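Review bot: The added check tests `tcx->attrs`, but the allocation on the lines above is stored in `tcx->addrs`, so a failed talloc_size still reaches the loop that writes through `tcx->addrs + i`. The line should read `if (tcx->addrs == NULL) return -1;`. As written the check can also return -1 spuriously if `tcx->attrs` happens to be NULL at this point, which cannot be confirmed from the hunk. ibwtest_getdests starts and ends outside the hunk.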
diff --git a/tests/src/ctdb_bench.c b/tests/src/ctdb_bench.c
index 52e5b50..d15004b 100644
--- a/tests/src/ctdb_bench.c
+++ b/tests/src/ctdb_bench.c
@@ -60,6 +60,9 @@ static int incr_func(struct ctdb_call_info *call)
return CTDB_ERR_NOMEM;
}
call->new_data->dptr = talloc_size(call, 4);
+ if (call->new_data->dptr == NULL) {
+ return CTDB_ERR_NOMEM;
+ }
call->new_data->dsize = 4;
*(uint32_t *)call->new_data->dptr = 0;
} else {
--
1.6.2.2
-------------- next part --------------
>From a4dd47f1876d1fade47f3dffea3e043c82cbb5a2 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose at redhat.com>
Date: Thu, 4 Jun 2009 14:45:41 +0200
Subject: [PATCH] fix a potential buffer overflow
---
ib/ibwrapper.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/ib/ibwrapper.c b/ib/ibwrapper.c
index f6e7168..1b41b6b 100644
--- a/ib/ibwrapper.c
+++ b/ib/ibwrapper.c
@@ -929,7 +929,8 @@ static int ibw_process_init_attrs(struct ibw_initattr *attr, int nattr, struct i
else if (strcmp(name, "recv_threshold")==0)
opts->recv_threshold = atoi(value);
else {
- sprintf(ibw_lasterr, "ibw_init: unknown name %s\n", name);
+ snprintf(ibw_lasterr, IBW_LASTERR_BUFSIZE, "ibw_init: unknown name %s\n", name);
+ ibw_lasterr[IBW_LASTERR_BUFSIZE-1] = '\0';
return -1;
}
}
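Review bot: The bound passed to snprintf is the macro `IBW_LASTERR_BUFSIZE` rather than the size of the destination itself, so the write stays safe only while the declaration of `ibw_lasterr` uses the same constant. If `ibw_lasterr` is visible here as an array (its declaration is not in the hunk), `snprintf(ibw_lasterr, sizeof(ibw_lasterr), "ibw_init: unknown name %s\n", name);` ties the limit to the buffer. A C99 snprintf already terminates the output when the size is non-zero, so the explicit `ibw_lasterr[IBW_LASTERR_BUFSIZE-1] = '\0';` is only needed for non-conforming implementations, and a comment should say so. Any other `sprintf` into `ibw_lasterr` elsewhere in ibwrapper.c would need the same bound; none are visible in this hunk.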
--
1.6.2.2