From: Daniel Klein <danielk@xxxxxxxxxxxx>
When cl_disp_post is called with message_id != CL_DISP_MSGID_NONE, it
searches for the handler for the message in a vector using message_id as
the index.
This change adds a check to verify that the message_id that is used as
an index is not larger than vector's size.
This change adds resiliency to the code when cl_disp_post() is
called with an invalid message_id.
Signed-off-by: Daniel Klein <danielk@xxxxxxxxxxxx>
Signed-off-by: Hal Rosenstock <hal@xxxxxxxxxxxx>
---
complib/cl_dispatcher.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/complib/cl_dispatcher.c b/complib/cl_dispatcher.c
index 6736d67..1255c83 100644
--- a/complib/cl_dispatcher.c
+++ b/complib/cl_dispatcher.c
@@ -302,6 +302,11 @@ cl_status_t cl_disp_post(IN const cl_disp_reg_handle_t handle,
cl_spinlock_acquire(&p_disp->lock);
/* Check that the recipient exists. */
+ if (cl_ptr_vector_get_size(&p_disp->reg_vec) <= msg_id) {
+ cl_spinlock_release(&p_disp->lock);
+ return (CL_NOT_FOUND);
+ }
+
p_dest_reg = cl_ptr_vector_get(&p_disp->reg_vec, msg_id);
if (!p_dest_reg) {
cl_spinlock_release(&p_disp->lock);
--
1.7.8.2
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
