Hi Christine and Steven,
this patch fixes a segfault/crash in confdb_write.
If the operation is successful there is no need to set error_string. If
error_string is not set, don't try to access it or we crash.
At the same time perform the same check in libconfdb when we receive the
reply.
Please apply
Fabio
--
I'm going to make him an offer he can't refuse.
Index: exec/confdb.c
===================================================================
--- exec/confdb.c (revision 1568)
+++ exec/confdb.c (working copy)
@@ -455,7 +455,7 @@
{
struct res_lib_confdb_write res_lib_confdb_write;
int ret = SA_AIS_OK;
- char *error_string;
+ char *error_string = NULL;
if (global_objdb->object_write_config(&error_string))
ret = SA_AIS_ERR_ACCESS;
@@ -463,8 +463,11 @@
res_lib_confdb_write.header.size = sizeof(res_lib_confdb_write);
res_lib_confdb_write.header.id = MESSAGE_RES_CONFDB_WRITE;
res_lib_confdb_write.header.error = ret;
- strcpy((char *)res_lib_confdb_write.error.value, error_string);
- res_lib_confdb_write.error.length = strlen(error_string) + 1;
+ if (error_string) {
+ strcpy((char *)res_lib_confdb_write.error.value, error_string);
+ res_lib_confdb_write.error.length = strlen(error_string) + 1;
+ } else
+ res_lib_confdb_write.error.length = 0;
openais_conn_send_response(conn, &res_lib_confdb_write,
sizeof(res_lib_confdb_write));
}
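Review bot: The `strcpy` into `res_lib_confdb_write.error.value` is still unbounded, so an error string from `object_write_config` that is longer than that field overruns the response struct on the stack; the NULL guard added here does not cover that case. On the new `else` path `error.value` is also left uninitialised while the whole struct is sent with `sizeof(res_lib_confdb_write)`, so stale stack bytes reach the client. Assuming `error.value` is a fixed-size array (its declaration is not visible in this patch), I would zero the struct up front and copy with an explicit bound, as sketched below. The function begins before the first hunk, so the sketch shows only the lines that change.

```c
memset(&res_lib_confdb_write, 0, sizeof(res_lib_confdb_write));
/* … unchanged: object_write_config call and header.size/id/error assignments … */
if (error_string) {
	size_t len = strlen(error_string);

	/* truncate rather than overrun the fixed-size reply field */
	if (len >= sizeof(res_lib_confdb_write.error.value))
		len = sizeof(res_lib_confdb_write.error.value) - 1;
	memcpy(res_lib_confdb_write.error.value, error_string, len);
	res_lib_confdb_write.error.value[len] = '\0';
	res_lib_confdb_write.error.length = len + 1;
}
```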
Index: lib/confdb.c
===================================================================
--- lib/confdb.c (revision 1568)
+++ lib/confdb.c (working copy)
@@ -1130,7 +1130,8 @@
}
error = res_lib_confdb_write.header.error;
- memcpy(error_text, res_lib_confdb_write.error.value,
res_lib_confdb_write.error.length);
+ if (res_lib_confdb_write.error.length)
+ memcpy(error_text, res_lib_confdb_write.error.value,
res_lib_confdb_write.error.length);
error_exit:
saHandleInstancePut (&confdb_handle_t_db, handle);
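Review bot: `res_lib_confdb_write.error.length` comes from the reply and is used as the `memcpy` size without being compared to `sizeof(res_lib_confdb_write.error.value)` or to the capacity of `error_text`. The new non-zero test therefore does not stop an over-long length from reading past the field or writing past the caller's buffer. When the length is zero, `error_text` is now left untouched, so a caller that prints it after a failed write sees whatever the buffer held before; adding `else error_text[0] = '\0';` would make that case well defined. The size of `error_text` is not visible because the function begins outside the hunk, so the right bound has to be checked against its declaration or the API contract.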