Re: [PATCH][flatiron] confdb: Fix crash with long values and add API calls to get them

Christine Caulfield <ccaulfie@xxxxxxxxxx> · Mon, 13 Aug 2012 09:41:44 +0100

.. and forget that last one. This one passes valgrind

Signed-Off-By: Christine Caulfield <ccaulfie@xxxxxxxxxx>



On 13/08/12 09:31, Christine Caulfield wrote:
I just found a large memory leak in that patch. This patch fixes it.
I'll add it to the BZ

Signed-Off-By: Christine Caulfield <ccaulfie@xxxxxxxxxx>



On 10/08/12 09:14, Fabio M. Di Nitto wrote:
Patch looks good to me.

ACK

Fabio

On 8/10/2012 10:00 AM, Christine Caulfield wrote:
confdb as it stands has a limit of 256 bytes in a returned value -
anything larger than that will cause corosync to crash.

This patch adds checks toprevent this happening, fixes some API calls
so that they return the full value and adds some new ones where it
wasn't possible to safely return am arbitrarily long string.

It refers to Red Hat Bugzilla #845626

  include/corosync/confdb.h     |   18 +++
  include/corosync/ipc_confdb.h |   54 +++++++++
  lib/confdb.c                  |  232
+++++++++++++++++++++++++++++++++++++-----
  lib/sa-confdb.c               |   33 ++++-
  lib/sa-confdb.h               |    6 -
  services/confdb.c             |  215
++++++++++++++++++++++++++++++++++----
  tools/corosync-objctl.c       |   27 +++-
  7 files changed, 514 insertions(+), 71 deletions(-)

Signed-Off-By: Christine Caulfield <ccaulfie@xxxxxxxxxx>

diff --git a/lib/confdb.c b/lib/confdb.c
index 0dbecb9..33e593d 100644
--- a/lib/confdb.c
+++ b/lib/confdb.c
@@ -857,11 +857,14 @@ cs_error_t confdb_key_create_typed (
 		sizeof (res));
 
 	if (error != CS_OK) {
-		goto error_exit;
+		goto free_exit;
 	}
 
 	error = res.error;
 
+free_exit:
+	free(request);
+
 error_exit:
 	(void)hdb_handle_put (&confdb_handle_t_db, handle);
 
@@ -1115,6 +1118,7 @@ cs_error_t confdb_key_get_typed2 (
 		*value_len = response->value_length;
 		*type = response->type;
 	}
+	coroipcc_msg_send_reply_receive_in_buf_put(confdb_inst->handle);
 
 error_exit:
 	(void)hdb_handle_put (&confdb_handle_t_db, handle);
@@ -1295,10 +1299,12 @@ cs_error_t confdb_key_replace (
 		sizeof (res));
 
 	if (error != CS_OK) {
-		goto error_exit;
+		goto free_exit;
 	}
 
 	error = res.error;
+free_exit:
+	free(req_lib_confdb_key_replace);
 
 error_exit:
 	(void)hdb_handle_put (&confdb_handle_t_db, handle);
@@ -1778,6 +1784,7 @@ cs_error_t confdb_key_iter_typed2 (
 		*value_len = response->value_length;
 		*type = response->type;
 	}
+	coroipcc_msg_send_reply_receive_in_buf_put(confdb_inst->handle);
 
 sa_exit:
 	context->next_entry++;
_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss




