Commit which added number of addresses to srp_address structure didn't count with totemsrp_ifaces_get where whole structure was copied instead of addresses only. This is now fixed. Also to make API totempg forward compatible, size of interfaces array must be passed to ifaces_get like functions to prevent memory overwrite. Signed-off-by: Jan Friesse <jfriesse@xxxxxxxxxx> --- exec/cfg.c | 3 ++- exec/totemmrp.c | 2 ++ exec/totemmrp.h | 1 + exec/totempg.c | 6 +++++- exec/totemsrp.c | 28 ++++++++++++++++++++++++---- exec/totemsrp.h | 1 + include/corosync/coroapi.h | 1 + include/corosync/totem/totempg.h | 1 + 8 files changed, 37 insertions(+), 6 deletions(-) diff --git a/exec/cfg.c b/exec/cfg.c index 03cd6c1..98878d5 100644 --- a/exec/cfg.c +++ b/exec/cfg.c @@ -553,6 +553,7 @@ static void message_handler_req_lib_cfg_ringstatusget ( api->totem_ifaces_get ( api->totem_nodeid_get(), interfaces, + INTERFACE_MAX, &status, &iface_count); @@ -801,7 +802,7 @@ static void message_handler_req_lib_cfg_get_node_addrs (void *conn, if (nodeid == 0) nodeid = api->totem_nodeid_get(); - api->totem_ifaces_get(nodeid, node_ifs, &status, &num_interfaces); + api->totem_ifaces_get(nodeid, node_ifs, INTERFACE_MAX, &status, &num_interfaces); res_lib_cfg_get_node_addrs->header.size = sizeof(struct res_lib_cfg_get_node_addrs) + (num_interfaces * TOTEMIP_ADDRLEN); res_lib_cfg_get_node_addrs->header.id = MESSAGE_RES_CFG_GET_NODE_ADDRS; diff --git a/exec/totemmrp.c b/exec/totemmrp.c index f7763fd..84ad031 100644 --- a/exec/totemmrp.c +++ b/exec/totemmrp.c @@ -196,6 +196,7 @@ void totemmrp_event_signal (enum totem_event_type type, int value) int totemmrp_ifaces_get ( unsigned int nodeid, struct totem_ip_address *interfaces, + unsigned int interfaces_size, char ***status, unsigned int *iface_count) { @@ -205,6 +206,7 @@ int totemmrp_ifaces_get ( totemsrp_context, nodeid, interfaces, + interfaces_size, status, iface_count); diff --git a/exec/totemmrp.h b/exec/totemmrp.h index 12cc1a8..1977918 100644 
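Review bot: Both call sites in exec/cfg.c (in message_handler_req_lib_cfg_ringstatusget and message_handler_req_lib_cfg_get_node_addrs) discard the return value of `totem_ifaces_get`, so the new -2 "array too small" result and the existing -1 result go unnoticed. In get_node_addrs the very next line sizes the reply from `num_interfaces`, which on -2 is larger than INTERFACE_MAX while `node_ifs` was never filled, and on -1 does not appear to be written at all in the visible totemsrp.c code. I would test the result, e.g. `if (api->totem_ifaces_get(nodeid, node_ifs, INTERFACE_MAX, &status, &num_interfaces) != 0) num_interfaces = 0;`, and return an error to the client where the handler has a way to do so. Both handlers continue outside the hunks, so the later use of the count should be checked there.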
--- a/exec/totemmrp.h +++ b/exec/totemmrp.h @@ -106,6 +106,7 @@ extern void totemmrp_event_signal (enum totem_event_type type, int value); extern int totemmrp_ifaces_get ( unsigned int nodeid, struct totem_ip_address *interfaces, + unsigned int interfaces_size, char ***status, unsigned int *iface_count); diff --git a/exec/totempg.c b/exec/totempg.c index 94f00cd..abaaf6b 100644 --- a/exec/totempg.c +++ b/exec/totempg.c @@ -1359,6 +1359,7 @@ int totempg_groups_send_ok_groups ( int totempg_ifaces_get ( unsigned int nodeid, struct totem_ip_address *interfaces, + unsigned int interfaces_size, char ***status, unsigned int *iface_count) { @@ -1367,6 +1368,7 @@ int totempg_ifaces_get ( res = totemmrp_ifaces_get ( nodeid, interfaces, + interfaces_size, status, iface_count); @@ -1415,11 +1417,13 @@ const char *totempg_ifaces_print (unsigned int nodeid) iface_string[0] = '\0'; - res = totempg_ifaces_get (nodeid, interfaces, &status, &iface_count); + res = totempg_ifaces_get (nodeid, interfaces, INTERFACE_MAX, &status, &iface_count); if (res == -1) { return ("no interface found for nodeid"); } + res = totempg_ifaces_get (nodeid, interfaces, INTERFACE_MAX, &status, &iface_count); + for (i = 0; i < iface_count; i++) { sprintf (one_iface, "r(%d) ip(%s) ", i, totemip_print (&interfaces[i])); diff --git a/exec/totemsrp.c b/exec/totemsrp.c index 52ee574..b3d86f4 100644 --- a/exec/totemsrp.c +++ b/exec/totemsrp.c 
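Review bot: The second `res = totempg_ifaces_get (nodeid, interfaces, INTERFACE_MAX, &status, &iface_count);` added after the `res == -1` check in totempg_ifaces_print repeats the call made a few lines earlier and its result is never tested; it looks like a leftover and can be dropped. The check itself only catches -1, so the new -2 return falls through to the loop with `iface_count` above INTERFACE_MAX and `interfaces` unfilled. Assuming `interfaces` holds INTERFACE_MAX entries, as the call implies, `for (i = 0; i < iface_count; i++)` then reads past the array. Changing the test to `if (res != 0) {` closes that path. The function body continues outside the hunk.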
@@ -987,10 +987,19 @@ void totemsrp_finalize ( free (instance); } +/* + * Return configured interfaces. interfaces is array of totem_ip addresses allocated by caller, + * with interaces_size number of items. iface_count is final number of interfaces filled by this + * function. + * + * Function returns 0 on success, otherwise if interfaces array is not big enough, -2 is returned, + * and if interface was not found, -1 is returned. + */ int totemsrp_ifaces_get ( void *srp_context, unsigned int nodeid, struct totem_ip_address *interfaces, + unsigned int interfaces_size, char ***status, unsigned int *iface_count) { @@ -1007,9 +1016,15 @@ int totemsrp_ifaces_get ( } if (found) { - memcpy (interfaces, &instance->my_memb_list[i], - sizeof (struct srp_addr)); *iface_count = instance->totem_config->interface_count; + + if (interfaces_size >= *iface_count) { + memcpy (interfaces, instance->my_memb_list[i].addr, + sizeof (struct totem_ip_address) * *iface_count); + } else { + res = -2; + } + goto finish; } @@ -1021,9 +1036,14 @@ int totemsrp_ifaces_get ( } if (found) { - memcpy (interfaces, &instance->my_left_memb_list[i], - sizeof (struct srp_addr)); *iface_count = instance->totem_config->interface_count; + + if (interfaces_size >= *iface_count) { + memcpy (interfaces, instance->my_left_memb_list[i].addr, + sizeof (struct totem_ip_address) * *iface_count); + } else { + res = -2; + } } else { res = -1; } diff --git a/exec/totemsrp.h b/exec/totemsrp.h index 29fa127..d29aa3a 100644 --- a/exec/totemsrp.h +++ b/exec/totemsrp.h @@ -103,6 +103,7 @@ extern int totemsrp_ifaces_get ( void *srp_context, unsigned int nodeid, struct totem_ip_address *interfaces, + unsigned int interfaces_size, char ***status, unsigned int *iface_count); diff --git a/include/corosync/coroapi.h b/include/corosync/coroapi.h index ef22bd3..77b5f8f 100644 --- a/include/corosync/coroapi.h +++ b/include/corosync/coroapi.h 
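Review bot: On the -2 path in totemsrp_ifaces_get (the my_memb_list branch and the my_left_memb_list branch in the following hunk) `*iface_count` has already been set to `interface_count`, a value the caller's array cannot hold, while `interfaces` is left untouched. A caller that uses `iface_count` without testing the result, as the call sites changed in this patch do, would then work with a count larger than its buffer. Either state in the new header comment that on -2 `iface_count` carries the required size and `interfaces` is not written, or assign the count only after the size check has passed. The comment also misspells the parameter as `interaces_size` and does not say whether `status` is valid on failure. The parts of the function between and after these hunks are not visible here.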
@@ -234,6 +234,7 @@ struct corosync_api_v1 { int (*totem_ifaces_get) ( unsigned int nodeid, struct totem_ip_address *interfaces, + unsigned int interfaces_size, char ***status, unsigned int *iface_count); diff --git a/include/corosync/totem/totempg.h b/include/corosync/totem/totempg.h index 8a94aec..8bbecbf 100644 --- a/include/corosync/totem/totempg.h +++ b/include/corosync/totem/totempg.h @@ -140,6 +140,7 @@ extern int totempg_groups_send_ok_groups ( extern int totempg_ifaces_get ( unsigned int nodeid, struct totem_ip_address *interfaces, + unsigned int interfaces_size, char ***status, unsigned int *iface_count); -- 1.7.1 _______________________________________________ discuss mailing list discuss@xxxxxxxxxxxx http://lists.corosync.org/mailman/listinfo/discuss
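Review bot: Inserting `interfaces_size` into the `totem_ifaces_get` member of `struct corosync_api_v1` changes the signature of an existing versioned API entry without any visible change to the API version. A service engine compiled against the previous coroapi.h would still pass four arguments, so the callee would interpret the `status` pointer as the size, `iface_count` as `status`, and read `iface_count` from an argument that was never passed. If engines built out of tree are supported, consider adding the sized variant as a new member at the end of the struct and keeping the old entry as a wrapper; otherwise note in the commit message that every engine must be rebuilt against the new header. The struct definition continues outside the hunk.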