[Cluster-devel] cluster/cman/daemon daemon.c
pcaulfield at sourceware.org
pcaulfield at sourceware.org
Thu Jun 28 08:07:35 UTC 2007
CVSROOT: /cvs/cluster
Module name: cluster
Branch: RHEL50
Changes by: pcaulfield at sourceware.org 2007-06-28 08:07:35
Modified files:
cman/daemon : daemon.c
Log message:
Make sure to cleanup the buffer when processing each request or dirty data
can be passed from one request to another.
Add a barrier to make sure that the socket data are not bigger than the buffer
or we overflow somewhere at random.
21:41 #sistina: < feist> pjc: can you commit that first cman security fix to
RHEL50, (the rpm has already been built, but it would
be nice for tracking purposes).
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/cluster/cman/daemon/daemon.c.diff?cvsroot=cluster&only_with_tag=RHEL50&r1=1.32&r2=1.32.4.1
--- cluster/cman/daemon/daemon.c 2006/09/14 13:01:06 1.32
+++ cluster/cman/daemon/daemon.c 2007/06/28 08:07:34 1.32.4.1
@@ -147,6 +147,8 @@
int len;
int totallen = 0;
+ memset(buf, 0, (MAX_CLUSTER_MESSAGE + sizeof(struct sock_header)));
+
len = read(fd, buf, sizeof(struct sock_header));
P_DAEMON("read %d bytes from fd %d\n", len, fd);
@@ -175,6 +177,11 @@
send_status_return(con, msg->command, -EINVAL);
return 0;
}
+ if ((msg->length-len) > MAX_CLUSTER_MESSAGE) {
+ P_DAEMON("message on socket is too big\n");
+ send_status_return(con, msg->command, -EINVAL);
+ return 0;
+ }
totallen = len;
More information about the Cluster-devel
mailing list