There is a buffer overrun issue in the cl_log.c code if the entity name passed to cl_log_set_entity or cl_direct_log is larger than MAXENTITY - although the code uses strncpy() to copy the string, this will NOT add a NUL character if the string is too long. This showed up using the ccm_testclient sample program which passes argv[0] as the entity name and which ends up writing garbage to stdout.
Fix is trivial - make sure that the last char in the array is a NUL; patch attached - builds when applied to 2.0.1; it seems that the latest dev version doesn't build on Rhel4.2 anymore -- rpmbuild whines about null macros and missing %endif's in the spec file.

Simon
cllog.patch
Description: cllog.patch
_______________________________________________________ Linux-HA-Dev: [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev Home Page: http://linux-ha.org/
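The strncpy() behaviour reported above, next to the "last char is a NUL" fix, as an added example that is not part of the original message or the attached patch. The MAXENTITY value, the function names and the sample path are assumptions made for illustration; only the bounded copy pattern comes from the report.

```c
#include <stdio.h>
#include <string.h>

#define MAXENTITY 32  /* assumed size for illustration, not taken from cl_log.c */

/* Constructed stand-in for a long argv[0]; 42 characters, longer than MAXENTITY. */
static const char LONG_NAME[] = "/opt/example/build/tree/bin/ccm_testclient";

/* Pattern described in the report: bound the copy, never terminate. */
static void set_entity_unsafe(char *dst, const char *name)
{
    strncpy(dst, name, MAXENTITY);   /* no NUL written if strlen(name) >= MAXENTITY */
}

/* Fix described in the report: the last array element is always a NUL. */
static void set_entity_fixed(char *dst, const char *name)
{
    strncpy(dst, name, MAXENTITY - 1);
    dst[MAXENTITY - 1] = '\0';
}

/* Returns 1 if the unsafe copy left a NUL inside the array, else 0.
 * memchr() keeps the check inside the buffer, unlike strlen() or printf("%s"). */
int unsafe_copy_is_terminated(const char *name)
{
    char entity[MAXENTITY];
    memset(entity, '#', sizeof entity);   /* simulate stale, non-zero memory */
    set_entity_unsafe(entity, name);
    return memchr(entity, '\0', sizeof entity) != NULL;
}

/* Returns the length of the stored name after the fixed copy. */
size_t fixed_copy_length(const char *name)
{
    char entity[MAXENTITY];
    memset(entity, '#', sizeof entity);
    set_entity_fixed(entity, name);
    return strlen(entity);                /* safe: entity[MAXENTITY-1] is NUL */
}

int main(void)
{
    printf("unsafe, long name terminated:  %d\n", unsafe_copy_is_terminated(LONG_NAME));
    printf("unsafe, short name terminated: %d\n", unsafe_copy_is_terminated("ccm"));
    printf("fixed, long name length:       %zu\n", fixed_copy_length(LONG_NAME));
    return 0;
}
```

With the fix the long name is silently truncated to MAXENTITY - 1 characters, so log lines from two programs whose paths share that prefix carry the same entity name.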
