Signed-off-by: Jan Friesse <jfriesse@xxxxxxxxxx>
---
include/corosync/ipc_cpg.h | 4 +++-
lib/cpg.c | 6 ++++++
2 files changed, 9 insertions(+), 1 deletions(-)
diff --git a/include/corosync/ipc_cpg.h b/include/corosync/ipc_cpg.h
index 76a7c88..a95335a 100644
--- a/include/corosync/ipc_cpg.h
+++ b/include/corosync/ipc_cpg.h
@@ -40,6 +40,8 @@
#include <corosync/corotypes.h>
#include <corosync/mar_gen.h>
+#define CPG_ZC_PATH_LEN 128
+
enum req_cpg_types {
MESSAGE_REQ_CPG_JOIN = 0,
MESSAGE_REQ_CPG_LEAVE = 1,
@@ -298,7 +300,7 @@ struct res_lib_cpg_iterationfinalize {
typedef struct {
struct qb_ipc_request_header header __attribute__((aligned(8)));
size_t map_size __attribute__((aligned(8)));
- char path_to_file[128] __attribute__((aligned(8)));
+ char path_to_file[CPG_ZC_PATH_LEN] __attribute__((aligned(8)));
} mar_req_coroipcc_zc_alloc_t __attribute__((aligned(8)));
typedef struct {
diff --git a/lib/cpg.c b/lib/cpg.c
index 046532b..4b92f44 100644
--- a/lib/cpg.c
+++ b/lib/cpg.c
@@ -834,6 +834,12 @@ cs_error_t cpg_zcb_alloc (
map_size = size + sizeof (struct req_lib_cpg_mcast) + sizeof (struct coroipcs_zc_header);
assert(memory_map (path, "corosync_zerocopy-XXXXXX", &buf, map_size) != -1);
+ if (strlen(path) >= CPG_ZC_PATH_LEN) {
+ unlink(path);
+ munmap (buf, map_size);
+ return (CS_ERR_NAME_TOO_LONG);
+ }
+
req_coroipcc_zc_alloc.header.size = sizeof (mar_req_coroipcc_zc_alloc_t);
req_coroipcc_zc_alloc.header.id = MESSAGE_REQ_CPG_ZC_ALLOC;
req_coroipcc_zc_alloc.map_size = map_size;
--
1.7.1
_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss
