[lvm-devel] [PATCH 2/2] Do not send random bytes in message
Zdenek Kabelac
zkabelac at redhat.com
Wed Mar 2 18:09:08 UTC 2011
Fixing few issues:
struct clvm_header contains 'char args[1]' - so adding '+ 1' here
for the message length calculation is not correct - we end up with longer
message where last byte is uninitialized and passed to write function.
xid and clintid are initialized to 0.
Memory allocation is checked for NULL - though it's not really clear what
should happen in this case - so just log the message - probably it will
fail few moments later...
Signed-off-by: Zdenek Kabelac <zkabelac at redhat.com>
---
daemons/clvmd/clvmd.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/daemons/clvmd/clvmd.c b/daemons/clvmd/clvmd.c
index 00d330d..ecc366d 100644
--- a/daemons/clvmd/clvmd.c
+++ b/daemons/clvmd/clvmd.c
@@ -1743,13 +1743,18 @@ static void send_local_reply(struct local_client *client, int status, int fd)
}
/* Add in the size of our header */
- message_len = message_len + sizeof(struct clvm_header) + 1;
- replybuf = malloc(message_len);
+ message_len = message_len + sizeof(struct clvm_header);
+ if (!(replybuf = malloc(message_len))) {
+ DEBUGLOG("Memory allocation fails\n");
+ return;
+ }
clientreply = (struct clvm_header *) replybuf;
clientreply->status = status;
clientreply->cmd = CLVMD_CMD_REPLY;
clientreply->node[0] = '\0';
+ clientreply->xid = 0;
+ clientreply->clientid = 0;
clientreply->flags = 0;
ptr = clientreply->args;
--
1.7.4.1
More information about the lvm-devel
mailing list