Reviewed-by: Steven Dake <sdake@xxxxxxxxxx> On 02/27/2012 07:25 AM, Jan Friesse wrote: > If ipc init failed, buffers were not unlinked neither by client (lib) side > nor server (corosync) side. This may lead to fill all available space, > resulting in no accept of other connection. Typical example can be user > running any corosync ipc binary (like corosync-objctl), without correct > uid/gid entry in corosync configuration, resulting in DOS. > > Signed-off-by: Jan Friesse <jfriesse@xxxxxxxxxx> > --- > lib/coroipcc.c | 6 +++++- > 1 files changed, 5 insertions(+), 1 deletions(-) > > diff --git a/lib/coroipcc.c b/lib/coroipcc.c > index de1af53..bbe2817 100644 > --- a/lib/coroipcc.c > +++ b/lib/coroipcc.c > @@ -752,7 +752,7 @@ coroipcc_service_connect ( > > ipc_instance->fd = request_fd; > > - if (path_data->res_setup.error == CS_ERR_TRY_AGAIN) { > + if (path_data->res_setup.error != CS_OK) { > res = path_data->res_setup.error; > goto error_exit; > } > @@ -776,12 +776,16 @@ error_exit: > semctl (ipc_instance->control_buffer->semid, 0, IPC_RMID); > #endif > memory_unmap (ipc_instance->dispatch_buffer, dispatch_size); > + unlink (path_data->dispatch_map_path); > error_dispatch_buffer: > memory_unmap (ipc_instance->response_buffer, response_size); > + unlink (path_data->response_map_path); > error_response_buffer: > memory_unmap (ipc_instance->request_buffer, request_size); > + unlink (path_data->request_map_path); > error_request_buffer: > memory_unmap (ipc_instance->control_buffer, 8192); > + unlink (path_data->control_map_path); > error_connect: > close (request_fd); > _______________________________________________ discuss mailing list discuss@xxxxxxxxxxxx http://lists.corosync.org/mailman/listinfo/discuss
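Review bot: The commit message does not mention the behavioural change in the first hunk (@@ -752,7 +752,7 @@), where the test on path_data->res_setup.error goes from "== CS_ERR_TRY_AGAIN" to "!= CS_OK". That widening is what routes a rejected setup (the uid/gid case described in the message) through error_exit and makes the new unlink calls reachable, so it deserves a sentence in the message. It also means every non-CS_OK setup result is now returned to the caller through res where previously only CS_ERR_TRY_AGAIN was, and callers that relied on the old fall-through for other error values should be checked. Note too that ipc_instance->fd = request_fd is assigned just above the test while the error path ends in close (request_fd), so it is worth confirming that nothing uses ipc_instance->fd after an error return.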
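Review bot: In the second hunk (@@ -776,12 +776,16 @@) each unlink sits above the label for its own buffer, so it only runs when that buffer was set up successfully; for example a jump to error_dispatch_buffer skips unlink (path_data->dispatch_map_path), and a jump to error_connect skips unlink (path_data->control_map_path). That mirrors the existing memory_unmap placement, but the leak being fixed is about files rather than mappings, so please confirm that whatever creates each map file removes it again when the mapping step fails part-way; otherwise the unlink for a buffer belongs below its label. The return value of unlink is ignored in all four calls, which is reasonable on a cleanup path where the server may already have removed the file, but a short comment or a (void) cast would make that intent explicit.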