[PATCH] Fixes to CTDB protocol handling
Volker Lendecke
Volker.Lendecke at SerNet.DE
Tue May 3 15:30:31 UTC 2016
On Tue, May 03, 2016 at 04:49:57PM +1000, Amitay Isaacs wrote:
> Here are some more fixes as suggested by Volker. Add checks before using
> data on wire and checks integer wrapping.
Quick remark: I believe
+ if (wire->num * sizeof(struct ctdb_statistics) > buflen) {
+ return EMSGSIZE;
+ }
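Review bot: the multiplication `wire->num * sizeof(struct ctdb_statistics)` in this check can wrap where `size_t` is 32 bits, so an oversized `num` produces a small product and the buffer-length check passes when it should fail. Comparing the count against the divided buffer size, e.g. `if (wire->num > buflen / sizeof(struct ctdb_statistics))`, involves no multiplication and cannot wrap.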
is wrong. The multiplication could overflow leading to the
check succeeding where it should not. I think that something
like
if (wire->num > buflen / sizeof(struct ..)
or so should avoid that.
Then there's a
n = offsetof(struct ctdb_rec_data_wire, data) +
wire->keylen + wire->datalen;
for which I'm uncertain about the overflow in the +.
I know, C network protocol code is almost impossible to get right :-(
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
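The two checks discussed in the mail, as an added example that is not part of the patch or of CTDB itself: the multiply form evaluated in 32-bit arithmetic (where it wraps), the divide form suggested instead, and a guarded version of the `offsetof(...) + keylen + datalen` sum. The struct definitions are constructed stand-ins with assumed field sizes, not the real CTDB wire structures.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-ins for the CTDB wire structs named in the mail (not the real ones). */
struct ctdb_statistics { uint8_t payload[64]; };
struct ctdb_statistics_list_wire { uint32_t num; struct ctdb_statistics stats[1]; };
struct ctdb_rec_data_wire { uint32_t reqid, keylen, datalen; uint8_t data[1]; };

/* Rejected form, done in 32-bit arithmetic to show the wrap a 32-bit size_t gives. */
int stats_check_multiply32(uint32_t num, uint32_t buflen)
{
    uint32_t needed = num * (uint32_t)sizeof(struct ctdb_statistics); /* may wrap */
    return (needed > buflen) ? EMSGSIZE : 0;
}

/* Suggested form: compare the count with buflen / sizeof(); nothing can wrap. */
int stats_check_divide(const struct ctdb_statistics_list_wire *wire, size_t buflen)
{
    size_t hdr = offsetof(struct ctdb_statistics_list_wire, stats);
    if (buflen < hdr) return EMSGSIZE;
    if (wire->num > (buflen - hdr) / sizeof(struct ctdb_statistics)) return EMSGSIZE;
    return 0;
}

/* Record length with each '+' guarded; the guards only fire where size_t is 32 bits. */
int rec_data_len(const struct ctdb_rec_data_wire *wire, size_t buflen, size_t *n_out)
{
    size_t n = offsetof(struct ctdb_rec_data_wire, data);
    if (wire->keylen > SIZE_MAX - n) return EMSGSIZE;
    n += wire->keylen;
    if (wire->datalen > SIZE_MAX - n) return EMSGSIZE;
    n += wire->datalen;
    if (n > buflen) return EMSGSIZE; /* record does not fit in the buffer */
    *n_out = n;
    return 0;
}

/* Wrappers that build a header from scalar fields; rec_len_for returns 0 on error. */
int stats_check_for(uint32_t num, size_t buflen)
{
    struct ctdb_statistics_list_wire w = { .num = num };
    return stats_check_divide(&w, buflen);
}
size_t rec_len_for(uint32_t keylen, uint32_t datalen, size_t buflen)
{
    struct ctdb_rec_data_wire w = { .keylen = keylen, .datalen = datalen };
    size_t n = 0;
    return rec_data_len(&w, buflen, &n) == 0 ? n : 0;
}
```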