[libvirt] [PATCH] remote_driver.c: also zero out ->saslDecodedOffset member

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Technically, the initialization of ->saslDecodedOffset is not required, but...

What could go wrong if saslDecodedOffset is left with some positive
value in the if-block below?
Well, in that same if-block priv->saslDecoded is set to NULL, and in that
case, the code above *usually* sets priv->saslDecodedOffset to 0, but not
if we hit one of the intervening returns.
In that case, you have to wonder if priv->saslDecoded can be set to non-NULL,
yet with priv->saslDecodedOffset still left with the now-bogus positive
value.  In that case, with an initial saslDecodedLength of 0, we'd
compute this:

        wantData = (priv->saslDecodedLength - priv->saslDecodedOffset

and that would be negative.
The very next statement would cause trouble, as the
negative value treated-as-size_t would wreak havoc:

        memcpy(priv->buffer + priv->bufferOffset,
               priv->saslDecoded + priv->saslDecodedOffset,
               wantData);

Luckily, the semantics of sasl_decode ensure that does not happen.
Hence, an alternate (though riskier) patch would be to skip
that of priv->saslDecodedOffset altogether.

>From a3578fc03714a210678e6bcf62d162d92c9d07c0 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@xxxxxxxxxx>
Date: Mon, 14 Dec 2009 13:00:01 +0100
Subject: [PATCH] remote_driver.c: also zero out ->saslDecodedOffset member

* src/remote/remote_driver.c (remoteIOReadMessage): ...rather than
zeroing out priv->saslDecodedLength twice.
---
 src/remote/remote_driver.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index affeb0f..77962fe 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -7782,7 +7782,7 @@ remoteIOReadMessage(virConnectPtr conn, struct private_data *priv,
         priv->saslDecodedOffset += wantData;
         priv->bufferOffset += wantData;
         if (priv->saslDecodedOffset == priv->saslDecodedLength) {
-            priv->saslDecodedLength = priv->saslDecodedLength = 0;
+            priv->saslDecodedOffset = priv->saslDecodedLength = 0;
             priv->saslDecoded = NULL;
         }

--
1.6.6.rc2.275.g51e2d

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]