If ipc init failed, buffers was not unlinked nether by client (lib) side
nor server (corosync) side. This may lead to fill all available space,
resulting in no accept of other connection. Typical example can be user
running any corosync ipc binary (like corosync-objctl), without correct
uid/gid entry in corosync configuration, resulting in DOS.
Signed-off-by: Jan Friesse <jfriesse@xxxxxxxxxx>
---
lib/coroipcc.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/lib/coroipcc.c b/lib/coroipcc.c
index de1af53..bbe2817 100644
--- a/lib/coroipcc.c
+++ b/lib/coroipcc.c
@@ -752,7 +752,7 @@ coroipcc_service_connect (
ipc_instance->fd = request_fd;
- if (path_data->res_setup.error == CS_ERR_TRY_AGAIN) {
+ if (path_data->res_setup.error != CS_OK) {
res = path_data->res_setup.error;
goto error_exit;
}
@@ -776,12 +776,16 @@ error_exit:
semctl (ipc_instance->control_buffer->semid, 0, IPC_RMID);
#endif
memory_unmap (ipc_instance->dispatch_buffer, dispatch_size);
+ unlink (path_data->dispatch_map_path);
error_dispatch_buffer:
memory_unmap (ipc_instance->response_buffer, response_size);
+ unlink (path_data->response_map_path);
error_response_buffer:
memory_unmap (ipc_instance->request_buffer, request_size);
+ unlink (path_data->request_map_path);
error_request_buffer:
memory_unmap (ipc_instance->control_buffer, 8192);
+ unlink (path_data->control_map_path);
error_connect:
close (request_fd);
--
1.7.1
_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss
