[PATCH] flatiron: Don't access invalid mem in totemconfig

Jan Friesse <jfriesse@xxxxxxxxxx> · Thu, 27 Sep 2012 13:00:24 +0200

When ringnumber in config file was set to value bigger or equal to
INTERFACE_MAX, we are using this big value as index to totemconfig
interfaces array, resulting to access to invalid memory and segfault.

Instead of that, ringnumber is now checked and proper error message is
printed if value is too big.

Signed-off-by: Jan Friesse <jfriesse@xxxxxxxxxx>
---
 exec/totemconfig.c |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/exec/totemconfig.c b/exec/totemconfig.c
index 8de3243..99dd815 100644
--- a/exec/totemconfig.c
+++ b/exec/totemconfig.c
@@ -364,6 +364,16 @@ printf ("couldn't find totem handle\n");
 
 		objdb_get_int (objdb, object_interface_handle, "ringnumber", &ringnumber);
 
+
+		if (ringnumber >= INTERFACE_MAX) {
+			snprintf (error_string_response, sizeof(error_string_response),
+			    "parse error in config: interface ring number %u is bigger then allowed maximum %u\n",
+			    ringnumber, INTERFACE_MAX - 1);
+
+			*error_string = error_string_response;
+			return -1;
+		}
+
 		/*
 		 * Get interface multicast address
 		 */
-- 
1.7.1

_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss





