ctdb: stack leakage over wire

Rusty Russell rusty at rustcorp.com.au
Wed Nov 4 23:04:27 MST 2009


Hi all,

   Running valgrind showed that we're leaking uninitialized vars over the
wire.  In particular on 64 bit x86:

	struct takeover_run_reply {
		uint32_t pnn;
		uint64_t srvid;
	};

The padding bytes between the two are uninitialized:

	static void ctdb_health_callback(struct ctdb_context *ctdb, int status, void *p)
	{
	...
		struct takeover_run_reply rd;
	...
		rd.pnn   = ctdb->pnn;
		rd.srvid = CTDB_SRVID_TAKEOVER_RUN_RESPONSE;

This then gets memcpy'd by generic routines into the packet.  Fixing this case
is easy, but there are others.  There are several solutions I can see:

1) Try to remember to explicitly set stuff everywhere (whack-a-mole),
2) Explicit marshal/unmarshall funcs for each type (slightly less fragile, as
   only those funcs need to remember to zero),
3) Set attribute((packed)) (breaks wire format, assumes gcc extension),
4) Bite the bullet and marshall/unmarshall into a portable format (breaks
   wire format, but allows potential for cross-platform ctdb).
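As an added illustration (not ctdb code), the struct from the mail beside an explicit marshal/unmarshal pair in the spirit of options 2 and 4; the 12-byte little-endian wire format and the function names are assumptions, not ctdb's own API. The last function shows that two copies with equal fields but different stale padding give different raw struct bytes (the leak valgrind flagged) yet identical marshalled bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Layout from the mail: on LP64 x86, four padding bytes sit between the fields. */
struct takeover_run_reply {
	uint32_t pnn;
	uint64_t srvid;
};
/* Assumed (not ctdb's) wire format: 12 bytes, little-endian, no padding. */
#define TAKEOVER_RUN_REPLY_WIRE_LEN 12

/* In-memory bytes that are not field data: what a raw memcpy would leak. */
size_t takeover_run_reply_padding(void)
{
	return sizeof(struct takeover_run_reply) - sizeof(uint32_t) - sizeof(uint64_t);
}
static void put_le(uint8_t *p, uint64_t v, int n) { for (int i = 0; i < n; i++) p[i] = (uint8_t)(v >> (8 * i)); }
static uint64_t get_le(const uint8_t *p, int n) { uint64_t v = 0; for (int i = 0; i < n; i++) v |= (uint64_t)p[i] << (8 * i); return v; }

/* Option 2/4: copy fields one by one, so padding never reaches the packet. */
size_t takeover_run_reply_marshal(const struct takeover_run_reply *rd, uint8_t *out)
{
	put_le(out, rd->pnn, 4);
	put_le(out + 4, rd->srvid, 8);
	return TAKEOVER_RUN_REPLY_WIRE_LEN;
}
int takeover_run_reply_unmarshal(const uint8_t *in, size_t len, struct takeover_run_reply *rd)
{
	if (len < TAKEOVER_RUN_REPLY_WIRE_LEN) return -1;
	memset(rd, 0, sizeof *rd); /* option 1 on receive: no stale padding in rd */
	rd->pnn = (uint32_t)get_le(in, 4);
	rd->srvid = get_le(in + 4, 8);
	return 0;
}

/* Equal fields, different stale padding: raw struct bytes differ (the leak),
 * marshalled bytes do not and round-trip intact. Returns 1 when that holds. */
int marshal_hides_padding(uint32_t pnn, uint64_t srvid)
{
	struct takeover_run_reply a, b, back;
	uint8_t wa[TAKEOVER_RUN_REPLY_WIRE_LEN], wb[TAKEOVER_RUN_REPLY_WIRE_LEN];
	memset(&a, 0x00, sizeof a); /* clean stack */
	memset(&b, 0xAA, sizeof b); /* stale stack contents */
	a.pnn = b.pnn = pnn; a.srvid = b.srvid = srvid;
	int raw_differs = memcmp(&a, &b, sizeof a) != 0;
	takeover_run_reply_marshal(&a, wa);
	takeover_run_reply_marshal(&b, wb);
	if (takeover_run_reply_unmarshal(wb, sizeof wb, &back) != 0) return 0;
	return memcmp(wa, wb, sizeof wa) == 0 && back.pnn == pnn && back.srvid == srvid
	       && raw_differs == (takeover_run_reply_padding() != 0);
}
```

The raw-bytes comparison is what valgrind sees when the struct is memcpy'd whole; the marshalled comparison is what reaches the wire once only fields are copied.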

Thoughts welcome...
Rusty.


More information about the samba-technical mailing list