On 18.05.2011 16:15, Steven Dake wrote:
Sorry, I should have been more explicit in my commit message regarding why I did this patch:On 05/18/2011 06:22 AM, Jerome Flesch wrote:--- exec/coroipcs.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)diff --git a/exec/coroipcs.c b/exec/coroipcs.c index 4c18c10..a7bb67f 100644 --- a/exec/coroipcs.c +++ b/exec/coroipcs.c @@ -1736,7 +1736,7 @@ int coroipcs_handler_dispatch ( * the ipc connection */ if (conn_info->service == SOCKET_SERVICE_INIT) { - conn_info->service = -1; + conn_info->service = 0; } } else if (revent& POLLIN) {This patch isn't correct. 0 is an actual service id. I'd recommend making a define such as #define SOCKET_SERVICE_SECURITY_VIOLATION 0xffffffff and use that. I see why you have problems with this (the type is unsigned) and my gcc is not complaining.
If you look in include/corosync/coroipc_ipc.h, the value of SOCKET_SERVICE_INIT is actually 0xFFFFFFFF, aka -1. So basically, the current security check has no effect and multiple configurations of the same IPC connection are still possible.
However, you are right, I missed the fact that 0 is an actual service. I will redo this patch as you suggest with a:
#define SOCKET_SERVICE_SECURITY_VIOLATION 0xFFFFFFFFE
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Openais mailing list [email protected] https://lists.linux-foundation.org/mailman/listinfo/openais
