When ringnumber in the config file was set to a value bigger than or equal to INTERFACE_MAX, we are using this big value as an index into the totemconfig interfaces array, resulting in access to invalid memory and a segfault. Instead of that, ringnumber is now checked and a proper error message is printed if the value is too big.

Signed-off-by: Jan Friesse <jfriesse@xxxxxxxxxx>

--- exec/totemconfig.c | 10 ++++++++++ 1 files changed, 10 insertions(+), 0 deletions(-) diff --git a/exec/totemconfig.c b/exec/totemconfig.c index a35ec56..e1b9f80 100644 --- a/exec/totemconfig.c +++ b/exec/totemconfig.c @@ -495,6 +495,16 @@ extern int totem_config_read ( member_count = 0; ringnumber = atoi(ringnumber_key); + + if (ringnumber >= INTERFACE_MAX) { + snprintf (error_string_response, sizeof(error_string_response), + "parse error in config: interface ring number %u is bigger then allowed maximum %u\n", + ringnumber, INTERFACE_MAX - 1); + + *error_string = error_string_response; + return -1; + } + /* * Get the bind net address */ -- 1.7.1
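Review bot: The new check in totem_config_read only bounds ringnumber from above, while the value still comes from `ringnumber = atoi(ringnumber_key);`, which returns a signed int and reports no parse errors. The declaration of ringnumber is not visible in this hunk. If it is a signed type, a negative value in the config passes `ringnumber >= INTERFACE_MAX` and still indexes outside the interfaces array, so the check should also reject values below 0. If it is unsigned, as the `%u` format suggests, a negative input wraps and is rejected, but the message then prints a very large number instead of what the user wrote. In both cases a non-numeric ringnumber is silently accepted as ring 0. Parsing with strtoul (or strtol) and checking the end pointer and range before the comparison would cover all three cases. Minor: the error string reads "bigger then allowed maximum" and should be "bigger than allowed maximum".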