Página inicial Explorar Ajuda
Entrar
LBP
/
corosync
mirror de https://github.com/corosync/corosync
4
0
Fork 0
Arquivos Issues 0 Wiki
Ver código fonte

confdb: Properly check result of object_find_create

in confdb_object_iter result of object_find_create is now properly
checked. object_find_create can return -1 if object doesn't exists.
Without this check, incorrect handle (memory garbage) was directly
passed to object_find_next.

Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Angus Salkeld <asalkeld@redhat.com>
(cherry picked from commit 9afb4bdaa84aa3e7b48aa0a5136ee039dc73e19a)
Jan Friesse 14 anos atrás
pai
b15385cd0f
commit
62f921b4be
1 arquivos alterados com 21 adições e 8 exclusões
Visão dividida Mostrar estatísticas do Diff
  1. 21 8
      services/confdb.c

+ 21 - 8
services/confdb.c
Ver arquivo 

@@ -680,9 +680,12 @@ static void message_handler_req_lib_confdb_object_iter (void *conn,
 
 	int ret = CS_OK;
 
 
 	if (!req_lib_confdb_object_iter->find_handle) {
 
-		api->object_find_create(req_lib_confdb_object_iter->parent_object_handle,
 
+		if (api->object_find_create(req_lib_confdb_object_iter->parent_object_handle,
 
 					NULL, 0,
 
-					m2h(&res_lib_confdb_object_iter.find_handle));
 
+					m2h(&res_lib_confdb_object_iter.find_handle)) == -1) {
 
+			ret = CS_ERR_ACCESS;
 
+			goto response_send;
 
+		}
 
 	}
 
 	else
 
 		res_lib_confdb_object_iter.find_handle = req_lib_confdb_object_iter->find_handle;
 
@@ -693,12 +696,17 @@ static void message_handler_req_lib_confdb_object_iter (void *conn,
 
 		api->object_find_destroy(res_lib_confdb_object_iter.find_handle);
 
 	}
 
 	else {
 
-		api->object_name_get(res_lib_confdb_object_iter.object_handle,
 
+		if (api->object_name_get(res_lib_confdb_object_iter.object_handle,
 
 				     (char *)res_lib_confdb_object_iter.object_name.value,
 
-				     &object_name_len);
 
-
 
-		res_lib_confdb_object_iter.object_name.length = object_name_len;
 
+				     &object_name_len) == -1) {
 
+			ret = CS_ERR_ACCESS;
 
+			goto response_send;
 
+		} else {
 
+			res_lib_confdb_object_iter.object_name.length = object_name_len;
 
+		}
 
 	}
 
+
 
+response_send:
 
 	res_lib_confdb_object_iter.header.size = sizeof(res_lib_confdb_object_iter);
 
 	res_lib_confdb_object_iter.header.id = MESSAGE_RES_CONFDB_OBJECT_ITER;
 
 	res_lib_confdb_object_iter.header.error = ret;
 
@@ -715,10 +723,13 @@ static void message_handler_req_lib_confdb_object_find (void *conn,
 
 	int ret = CS_OK;
 
 
 	if (!req_lib_confdb_object_find->find_handle) {
 
-		api->object_find_create(req_lib_confdb_object_find->parent_object_handle,
 
+		if (api->object_find_create(req_lib_confdb_object_find->parent_object_handle,
 
 					req_lib_confdb_object_find->object_name.value,
 
 					req_lib_confdb_object_find->object_name.length,
 
-					m2h(&res_lib_confdb_object_find.find_handle));
 
+					m2h(&res_lib_confdb_object_find.find_handle)) == -1) {
 
+			ret = CS_ERR_ACCESS;
 
+			goto response_send;
 
+		}
 
 	}
 
 	else
 
 		res_lib_confdb_object_find.find_handle = req_lib_confdb_object_find->find_handle;
 
@@ -729,6 +740,8 @@ static void message_handler_req_lib_confdb_object_find (void *conn,
 
 		api->object_find_destroy(res_lib_confdb_object_find.find_handle);
 
 	}
 
 
+
 
+response_send:
 
 	res_lib_confdb_object_find.header.size = sizeof(res_lib_confdb_object_find);
 
 	res_lib_confdb_object_find.header.id = MESSAGE_RES_CONFDB_OBJECT_FIND;
 
 	res_lib_confdb_object_find.header.error = ret;