There is a buffer overrun issue in the cl_log.c code if the entity name
passed to cl_log_set_entity or cl_direct_log is larger than MAXENTITY -
although the code uses strncpy() to copy the string, this will NOT add a
NUL character if the string is too long. This showed up using the
ccm_testclient sample program which passes argv[0] as the entity name
and which ends up writing garbage to stdout.

Fix is trivial - make sure that the last char in the array is a NUL;
patch attached - builds when applied to 2.0.1; it seems that the latest
dev version doesn't build on Rhel4.2 anymore -- rpmbuild whines about
null macros and missing %endif's in the spec file.

Simon

Attachment: cllog.patch

_______________________________________________________
Linux-HA-Dev: [email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/
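
The strncpy() behaviour described in the message, next to the described fix, as an added example that is not part of the original post or the Linux-HA source. The struct, the function names and the small MAXENTITY value are assumptions made for the demonstration; the input is a constructed argv[0]-style name.

```c
#include <stdio.h>
#include <string.h>

#define MAXENTITY 8   /* assumed demo size; the real value lives in the project */

/* Hypothetical stand-in: the entity buffer plus whatever follows it in memory. */
struct log_state {
    char entity[MAXENTITY];
    char neighbour[8];
};

/* Pattern the post describes: strncpy() alone. If strlen(name) >= MAXENTITY,
 * all MAXENTITY bytes are filled with name data and no NUL is written. */
static void set_entity_unsafe(struct log_state *s, const char *name)
{
    strncpy(s->entity, name, MAXENTITY);
}

/* Fix the post describes: make sure the last char in the array is a NUL. */
static void set_entity_fixed(struct log_state *s, const char *name)
{
    strncpy(s->entity, name, MAXENTITY);
    s->entity[MAXENTITY - 1] = '\0';
}

/* Returns 1 if entity[] holds a NUL, i.e. it can be read as a C string
 * without running past the end of the array. Uses memchr so the check
 * itself never reads out of bounds. */
static int entity_is_terminated(const struct log_state *s)
{
    return memchr(s->entity, '\0', MAXENTITY) != NULL;
}

/* Fill the struct with non-zero bytes first so stale zeros cannot hide the bug. */
static int check(const char *name, int use_fix)
{
    struct log_state s;
    memset(&s, 'X', sizeof s);
    if (use_fix) set_entity_fixed(&s, name);
    else         set_entity_unsafe(&s, name);
    return entity_is_terminated(&s);
}

int main(void)
{
    const char *name = "./ccm_testclient";   /* constructed sample input */
    printf("unsafe terminated: %d\n", check(name, 0));
    printf("fixed  terminated: %d\n", check(name, 1));
    return 0;
}
```

A name of exactly MAXENTITY characters triggers the same condition as a longer one, so a boundary test should include that length.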