[PATCH] Fixes to CTDB protocol handling

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue May 3 15:30:31 UTC 2016

On Tue, May 03, 2016 at 04:49:57PM +1000, Amitay Isaacs wrote:
> Here are some more fixes as suggested by Volker.  Add checks before using
> data on wire and checks integer wrapping.

Quick remark: I believe

+       if (wire->num * sizeof(struct ctdb_statistics) > buflen) {
+               return EMSGSIZE;
+       }

is wrong. The multiplication could overflow leading to the
check succeeding where it should not. I think that something

if (wire->num > buflen / sizeof(struct ..) 

or so should avoid that.

Then there's a

        n = offsetof(struct ctdb_rec_data_wire, data) +
                wire->keylen + wire->datalen;

for which I'm uncertain about the overflow in the +.

I know, C network protocol code is almost impossible to get right :-(


SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

More information about the samba-technical mailing list