ctdb: stack leakage over wire

ronnie sahlberg ronniesahlberg at gmail.com
Thu Nov 5 02:11:57 MST 2009


For short term I think 1 is sufficient.

Longer term, 4 would be very desirable.


On Thu, Nov 5, 2009 at 5:04 PM, Rusty Russell <rusty at rustcorp.com.au> wrote:
> Hi all,
>
>   Running valgrind showed that we're leaking uninitialized vars over the
> wire.  In particular on 64 bit x86:
>
>        struct takeover_run_reply {
>                uint32_t pnn;
>                uint64_t srvid;
>        };
>
> The padding bytes between the two are uninitialized:
>
>        static void ctdb_health_callback(struct ctdb_context *ctdb, int status, void *p)
>        {
>        ...
>                struct takeover_run_reply rd;
>        ...
>                rd.pnn   = ctdb->pnn;
>                rd.srvid = CTDB_SRVID_TAKEOVER_RUN_RESPONSE;
>
> This then gets memcpy'd by generic routines into the packet.  Fixing this case
> is easy, but there are others.  There are several solutions I can see:
>
> 1) Try to remember to explicitly set stuff everywhere (whack-a-mole),
> 2) Explicit marshal/unmarshall funcs for each type (slightly less fragile, as
>   only those funcs need to remember to zero),
> 3) Set attribute((packed)) (breaks wire format, assumes gcc extension),
> 4) Bite the bullet and marshall/unmarshall into a portable format (breaks
>   wire format, but allows potential for cross-platform ctdb).
>
> Thoughts welcome...
> Rusty.
>
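As an added illustration (not code from the thread or from CTDB itself), the struct quoted above with option 1 (zero the object before assigning fields) beside an explicit marshaller in the spirit of options 2 and 4; the 12-byte little-endian layout it writes is an assumed format for the example, not CTDB's actual wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Wire struct exactly as quoted in the thread; on x86-64 it is 16 bytes, with 4 ABI padding bytes between pnn and srvid. */
struct takeover_run_reply {
	uint32_t pnn;
	uint64_t srvid;
};

/* Option 1 from the thread: zero the whole object before assigning fields, so a later raw memcpy() of the struct ships zeros, not stack garbage. */
void fill_reply_zeroed(struct takeover_run_reply *rd, uint32_t pnn, uint64_t srvid)
{
	memset(rd, 0, sizeof(*rd));
	rd->pnn = pnn;
	rd->srvid = srvid;
}

/* Returns 1 if every byte that is not part of a named field (i.e. padding) is zero. */
int padding_is_zero(const struct takeover_run_reply *rd)
{
	const uint8_t *b = (const uint8_t *)rd;
	size_t p = offsetof(struct takeover_run_reply, pnn);
	size_t s = offsetof(struct takeover_run_reply, srvid);
	for (size_t i = 0; i < sizeof(*rd); i++) {
		if ((i >= p && i < p + 4) || (i >= s && i < s + 8)) continue;
		if (b[i] != 0) return 0;
	}
	return 1;
}

/* Options 2/4: an explicit marshaller writes only the fields, byte by byte, in a fixed little-endian layout (assumed format for this example, not CTDB's). */
#define TAKEOVER_RUN_REPLY_WIRE_LEN 12

size_t marshal_reply(const struct takeover_run_reply *rd, uint8_t *buf, size_t len)
{
	if (len < TAKEOVER_RUN_REPLY_WIRE_LEN) return 0;   /* caller's buffer too small */
	for (int i = 0; i < 4; i++) buf[i] = (uint8_t)(rd->pnn >> (8 * i));
	for (int i = 0; i < 8; i++) buf[4 + i] = (uint8_t)(rd->srvid >> (8 * i));
	return TAKEOVER_RUN_REPLY_WIRE_LEN;
}

int unmarshal_reply(const uint8_t *buf, size_t len, struct takeover_run_reply *rd)
{
	if (len < TAKEOVER_RUN_REPLY_WIRE_LEN) return -1;  /* truncated packet */
	memset(rd, 0, sizeof(*rd));                        /* padding deterministic on the receive side too */
	for (int i = 0; i < 4; i++) rd->pnn |= (uint32_t)buf[i] << (8 * i);
	for (int i = 0; i < 8; i++) rd->srvid |= (uint64_t)buf[4 + i] << (8 * i);
	return 0;
}
```

Because the marshaller never copies the struct as a block, the padding bytes cannot reach the packet at all, which is what makes option 2/4 less fragile than remembering to zero each instance.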