From: Daniel Klein <[email protected]>

When cl_disp_post is called with message_id != CL_DISP_MSGID_NONE, it
searches for the handler for the message in a vector using message_id as
the index.

This change adds a check to verify that the message_id that is used as
an index is not larger than the vector's size.
This change adds resiliency to the code when cl_disp_post() is
called with an invalid message_id.

Signed-off-by: Daniel Klein <[email protected]>
Signed-off-by: Hal Rosenstock <[email protected]>
---
 complib/cl_dispatcher.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/complib/cl_dispatcher.c b/complib/cl_dispatcher.c
index 6736d67..1255c83 100644
--- a/complib/cl_dispatcher.c
+++ b/complib/cl_dispatcher.c
@@ -302,6 +302,11 @@ cl_status_t cl_disp_post(IN const cl_disp_reg_handle_t 
handle,
 
        cl_spinlock_acquire(&p_disp->lock);
        /* Check that the recipient exists. */
+       if (cl_ptr_vector_get_size(&p_disp->reg_vec) <= msg_id) {
+               cl_spinlock_release(&p_disp->lock);
+               return (CL_NOT_FOUND);
+       }
+
        p_dest_reg = cl_ptr_vector_get(&p_disp->reg_vec, msg_id);
        if (!p_dest_reg) {
                cl_spinlock_release(&p_disp->lock);
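Review bot: The new bounds check is inserted between the existing comment "Check that the recipient exists." and the cl_ptr_vector_get() lookup that comment described, so the comment now appears to cover only the size test. Give the added if its own one-line comment saying that msg_id is used as an index into reg_vec and must be below cl_ptr_vector_get_size(), and leave the original comment directly above the lookup. The "<=" comparison also rejects msg_id equal to the size, which is correct for a zero-based index, but the commit message says "not larger than"; the message should say the index must be smaller than the vector's size so that it matches the code.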
-- 
1.7.8.2
