Reviewed-by: Steven Dake <sdake@xxxxxxxxxx> On 09/27/2012 04:00 AM, Jan Friesse wrote: > When ringnumber in config file was set to value bigger or equal to > INTERFACE_MAX, we are using this big value as index to totemconfig > interfaces array, resulting to access to invalid memory and segfault. > > Instead of that, ringnumber is now checked and proper error message is > printed if value is too big. > > Signed-off-by: Jan Friesse <jfriesse@xxxxxxxxxx> > --- > exec/totemconfig.c | 10 ++++++++++ > 1 files changed, 10 insertions(+), 0 deletions(-) > > diff --git a/exec/totemconfig.c b/exec/totemconfig.c > index a35ec56..e1b9f80 100644 > --- a/exec/totemconfig.c > +++ b/exec/totemconfig.c > @@ -495,6 +495,16 @@ extern int totem_config_read ( > member_count = 0; > > ringnumber = atoi(ringnumber_key); > + > + if (ringnumber >= INTERFACE_MAX) { > + snprintf (error_string_response, sizeof(error_string_response), > + "parse error in config: interface ring number %u is bigger then allowed maximum %u\n", > + ringnumber, INTERFACE_MAX - 1); > + > + *error_string = error_string_response; > + return -1; > + } > + > /* > * Get the bind net address > */ >
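Review bot: The bound added after `ringnumber = atoi(ringnumber_key);` tests only `ringnumber >= INTERFACE_MAX`, so whether a negative ring number in the config is rejected depends on the declared type of `ringnumber`, which is not visible in this hunk. The `%u` in the format string suggests it is unsigned, in which case a negative input wraps to a large value and is caught, though the message then reports the wrapped number rather than what the user wrote; if it is a signed int, a negative value passes the check and indexes before the start of the interfaces array. `atoi` also cannot report a parse failure, so a non-numeric key silently becomes ring 0. Consider parsing with `strtol`, checking the end pointer, and rejecting anything outside 0 to INTERFACE_MAX - 1 before the value is used as an index. Minor: "bigger then" in the error string should read "bigger than".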