Re: [PATCH] flatiron: Don't access invalid mem in totemconfig

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Reviewed-by: Steven Dake <sdake@xxxxxxxxxx>

On 09/27/2012 04:00 AM, Jan Friesse wrote:
> When ringnumber in config file was set to value bigger or equal to
> INTERFACE_MAX, we are using this big value as index to totemconfig
> interfaces array, resulting to access to invalid memory and segfault.
> 
> Instead of that, ringnumber is now checked and proper error message is
> printed if value is too big.
> 
> Signed-off-by: Jan Friesse <jfriesse@xxxxxxxxxx>
> ---
>  exec/totemconfig.c |   10 ++++++++++
>  1 files changed, 10 insertions(+), 0 deletions(-)
> 
> diff --git a/exec/totemconfig.c b/exec/totemconfig.c
> index 8de3243..99dd815 100644
> --- a/exec/totemconfig.c
> +++ b/exec/totemconfig.c
> @@ -364,6 +364,16 @@ printf ("couldn't find totem handle\n");
>  
>  		objdb_get_int (objdb, object_interface_handle, "ringnumber", &ringnumber);
>  
> +
> +		if (ringnumber >= INTERFACE_MAX) {
> +			snprintf (error_string_response, sizeof(error_string_response),
> +			    "parse error in config: interface ring number %u is bigger then allowed maximum %u\n",
> +			    ringnumber, INTERFACE_MAX - 1);
> +
> +			*error_string = error_string_response;
> +			return -1;
> +		}
> +
>  		/*
>  		 * Get interface multicast address
>  		 */
> 

_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss


[Index of Archives]     [Linux Clusters]     [Corosync Project]     [Linux USB Devel]     [Linux Audio Users]     [Photo]     [Yosemite News]    [Yosemite Photos]    [Linux Kernel]     [Linux SCSI]     [X.Org]

  Powered by Linux