[devel] [PATCH 1 of 1] plm: fix memory corruption in plms [#1244]

Thu, 22 Jan 2015 14:12:06 -0800 

 osaf/services/saf/plmsv/plms/hpi_intf/plms_epath_util.c |  2 +-
 osaf/services/saf/plmsv/plms/plms_adm_fsm.c             |  4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)


Symptoms of the problem include PLMS crashing, and the node resetting because of
the crash.

Valgrind shows memory corruption in the plms code.  A double free, and some
uninitialized reads.

Solution for the double free is...don't double free!  For the uninitialized read
the malloc'd string did not take into account the NULL terminator, and functions
later on (strchr) depend on a NULL terminator being there.

diff --git a/osaf/services/saf/plmsv/plms/hpi_intf/plms_epath_util.c 
b/osaf/services/saf/plmsv/plms/hpi_intf/plms_epath_util.c
--- a/osaf/services/saf/plmsv/plms/hpi_intf/plms_epath_util.c
+++ b/osaf/services/saf/plmsv/plms/hpi_intf/plms_epath_util.c
@@ -411,7 +411,7 @@ SaUint32T convert_string_to_epath(SaInt8
         }
         memset(epath_ptr, 0, sizeof(SaHpiEntityPathT));
 
-       epath_len = strlen(epath_str);
+       epath_len = strlen(epath_str) + 1;
         /* allocate memory to make a duplicate of epath_str */
         if (NULL == (epath = (SaInt8T *)malloc(epath_len)))
         {
diff --git a/osaf/services/saf/plmsv/plms/plms_adm_fsm.c 
b/osaf/services/saf/plmsv/plms/plms_adm_fsm.c
--- a/osaf/services/saf/plmsv/plms/plms_adm_fsm.c
+++ b/osaf/services/saf/plmsv/plms/plms_adm_fsm.c
@@ -1439,6 +1439,7 @@ SaUint32T plms_HE_adm_reset_op(PLMS_EVT 
                plms_aff_ent_exp_rdness_status_clear(act_aff_ent_list);
                plms_ent_exp_rdness_status_clear(ent);
                plms_ent_grp_list_free(trk_info->group_info_list);
+               trk_info->group_info_list = NULL;
        }else if (is_flag_aff){
                /*Fill the expected readiness state of the root ent.*/
                plms_ent_exp_rdness_state_ow(ent);
@@ -1457,7 +1458,7 @@ SaUint32T plms_HE_adm_reset_op(PLMS_EVT 
        
                plms_ent_exp_rdness_status_clear(ent);
                plms_ent_grp_list_free(trk_info->group_info_list);
-               
+               trk_info->group_info_list = NULL;
        }
 
        
/**********************************************************************/        
@@ -1488,7 +1489,6 @@ SaUint32T plms_HE_adm_reset_op(PLMS_EVT 
                trk_info->root_entity = ent;
                trk_info->track_count = count;
                trk_info->aff_ent_list = aff_ent_list;
-               trk_info->group_info_list = NULL;
        }
        else {
                ret_err = saImmOiAdminOperationResult(cb->oi_hdl,


------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
Opensaf-devel mailing list
Opensaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-devel

Reply via email to