Add a check field to the handle structure to make it less

likely to get a random valid handle.
Fix a couple bugs in the event service that this change exposed.


git-svn-id: http://svn.fedorahosted.org/svn/corosync/trunk@791 fd59a12c-fef9-0310-b244-a6a79926bd2f

exec/evt.c

@@ -314,7 +314,7 @@ struct open_chan_pending {
 	struct conn_info	*ocp_conn_info;
 	SaEvtChannelOpenFlagsT	ocp_open_flag;
 	poll_timer_handle	ocp_timer_handle;
-	uint32_t			ocp_c_handle;
+	uint64_t			ocp_c_handle;
 	struct list_head	ocp_entry;
 };
 
@@ -491,7 +491,7 @@ struct event_data {
  * 					(struct event_server_instance.esi_events)
  */
 struct chan_event_list {
-	uint32_t			cel_chan_handle;
+	uint64_t			cel_chan_handle;
 	uint32_t			cel_sub_id;
 	struct event_data* 	cel_event;
 	struct list_head 	cel_entry;
@@ -513,7 +513,7 @@ struct chan_event_list {
  */
 struct event_svr_channel_open {
 	uint8_t								eco_flags;
-	uint32_t							eco_lib_handle;
+	uint64_t							eco_lib_handle;
 	uint32_t							eco_my_handle;
 	struct event_svr_channel_instance 	*eco_channel;
 	struct list_head 					eco_entry;

lib/evt.c

@@ -354,7 +354,7 @@ saEvtInitialize(
 	 * assign instance data to unique handle
 	 */
 	error = saHandleCreate(&evt_instance_handle_db, sizeof(*evti), 
-			(void*)evtHandle);
+			evtHandle);
 	if (error != SA_AIS_OK) {
 		goto error_nofree;
 	}
@@ -460,7 +460,7 @@ static SaAisErrorT make_event(SaEvtEventHandleT *event_handle,
 	int i;
 
 	error = saHandleCreate(&event_handle_db, sizeof(*edi), 
-		(void*)event_handle);
+		event_handle);
 	if (error != SA_AIS_OK) {
 		if (error == SA_AIS_ERR_NO_MEMORY) {
 			error = SA_AIS_ERR_LIBRARY;
@@ -904,7 +904,7 @@ saEvtChannelOpen(
 	 * create a handle for this open channel
 	 */
 	error = saHandleCreate(&channel_handle_db, sizeof(*eci), 
-			(void*)channelHandle);
+			channelHandle);
 	if (error != SA_AIS_OK) {
 		goto chan_open_put;
 	}
@@ -1309,7 +1309,7 @@ saEvtEventAllocate(
 	}
 
 	error = saHandleCreate(&event_handle_db, sizeof(*edi), 
-			(void*)eventHandle);
+			eventHandle);
 	if (error != SA_AIS_OK) {
 		goto alloc_put2;
 	}

lib/util.c

@@ -64,6 +64,7 @@ struct saHandle {
 	int state;
 	void *instance;
 	int refCount;
+	uint32_t check;
 };
 
 SaErrorT
@@ -425,7 +426,8 @@ saHandleCreate (
 	int instanceSize,
 	SaUint64T *handleOut)
 {
-	int handle;
+	uint32_t handle;
+	uint32_t check;
 	void *newHandles;
 	int found = 0;
 	void *instance;
@@ -454,6 +456,10 @@ saHandleCreate (
 	if (instance == 0) {
 		return (SA_AIS_ERR_NO_MEMORY);
 	}
+
+
+	check = random();
+
 	memset (instance, 0, instanceSize);
 
 	handleDatabase->handles[handle].state = SA_HANDLE_STATE_ACTIVE;
@@ -462,7 +468,9 @@ saHandleCreate (
 
 	handleDatabase->handles[handle].refCount = 1;
 
-	*handleOut = handle;
+	handleDatabase->handles[handle].check = check;
+
+	*handleOut = (SaUint64T)((uint64_t)check << 32 | handle);
 
 	pthread_mutex_unlock (&handleDatabase->mutex);
 
@@ -473,26 +481,39 @@ saHandleCreate (
 SaErrorT
 saHandleDestroy (
 	struct saHandleDatabase *handleDatabase,
-	SaUint64T handle)
+	SaUint64T inHandle)
 {
+	SaAisErrorT error = SA_AIS_OK;
+	uint32_t check = inHandle >> 32;
+	uint32_t handle = inHandle & 0xffffffff;
+
 	pthread_mutex_lock (&handleDatabase->mutex);
 
+	if (check != handleDatabase->handles[handle].check) {
+		error = SA_AIS_ERR_BAD_HANDLE;
+		goto error_exit;
+	}
+
 	handleDatabase->handles[handle].state = SA_HANDLE_STATE_PENDINGREMOVAL;
 
+error_exit:
 	pthread_mutex_unlock (&handleDatabase->mutex);
 
-	saHandleInstancePut (handleDatabase, handle);
+	saHandleInstancePut (handleDatabase, inHandle);
 
-	return (SA_AIS_OK);
+	return (error);
 }
 
 
 SaErrorT
 saHandleInstanceGet (
 	struct saHandleDatabase *handleDatabase,
-	SaUint64T handle,
+	SaUint64T inHandle,
 	void **instance)
 { 
+	uint32_t check = inHandle >> 32;
+	uint32_t handle = inHandle & 0xffffffff;
+
 	SaErrorT error = SA_AIS_OK;
 	pthread_mutex_lock (&handleDatabase->mutex);
 
@@ -504,6 +525,11 @@ saHandleInstanceGet (
 		error = SA_AIS_ERR_BAD_HANDLE;
 		goto error_exit;
 	}
+	if (check != handleDatabase->handles[handle].check) {
+		error = SA_AIS_ERR_BAD_HANDLE;
+		goto error_exit;
+	}
+
 
 	*instance = handleDatabase->handles[handle].instance;
 
@@ -519,12 +545,20 @@ error_exit:
 SaErrorT
 saHandleInstancePut (
 	struct saHandleDatabase *handleDatabase,
-	SaUint64T handle)
+	SaUint64T inHandle)
 {
 	void *instance;
+	SaAisErrorT error = SA_AIS_OK;
+	uint32_t check = inHandle >> 32;
+	uint32_t handle = inHandle & 0xffffffff;
 
 	pthread_mutex_lock (&handleDatabase->mutex);
 
+	if (check != handleDatabase->handles[handle].check) {
+		error = SA_AIS_ERR_BAD_HANDLE;
+		goto error_exit;
+	}
+
 	handleDatabase->handles[handle].refCount -= 1;
 	assert (handleDatabase->handles[handle].refCount >= 0);
 
@@ -535,9 +569,10 @@ saHandleInstancePut (
 		memset (&handleDatabase->handles[handle], 0, sizeof (struct saHandle));
 	}
 
+error_exit:
 	pthread_mutex_unlock (&handleDatabase->mutex);
 
-	return (SA_AIS_OK);
+	return (error);
 }