The parent will receive the servename from the child to verify if it has
reached the max number of connections. When the servename is the empty name, it
will try to allocate a 0-sized buffer, which will return a NULL pointer, and
that segfaults when running strcmp.

Signed-off-by: Thadeu Lima de Souza Cascardo <casca...@canonical.com>
---
 nbd-server.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nbd-server.c b/nbd-server.c
index c2e20c2..1d1f4c8 100644
--- a/nbd-server.c
+++ b/nbd-server.c
@@ -2952,7 +2952,8 @@ static int handle_childname(GArray* servers, int socket)
                                break;
                }
        }
-       buf = g_malloc0(len);
+       buf = g_malloc0(len + 1);
+       buf[len] = 0;
        readit(socket, buf, len);
        for(i=0; i<servers->len; i++) {
                SERVER* srv = &g_array_index(servers, SERVER, i);
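Review bot: the added `buf[len] = 0;` is redundant, because `g_malloc0(len + 1)` already returns zero-filled memory and `readit(socket, buf, len)` only writes the first `len` bytes. Either drop the assignment or replace it with a short comment saying the extra byte is the NUL terminator that the later string comparison relies on. Also in this hunk, the result of `readit(socket, buf, len)` is not checked in the visible lines, so a short or failed read leaves an empty or partial name to be compared against the server list. If `len` is taken from the child's message, a sanity limit on it before the allocation would be worth adding here as well.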
-- 
2.17.0

