[devel] [PATCH 1 of 1] amfa: avoid illigal memory access [#1307]

Tue, 21 Apr 2015 04:34:28 -0700 

 osaf/libs/agents/saf/amfa/ava_api.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)


While invalid handle is passed to saAmfProtectionGroupTrack_4, code jumps to
done and calls avsv_nda_ava_msg_content_free(&msg). But msg is not meset
to zero, so it has garbage values. Inside avsv_nda_ava_msg_content_free, the
following code points to garbage pointer and agent crashes:
if (msg->info.cbk_info) {
    avsv_amf_cbk_free(msg->info.cbk_info);
msg need to be memset before code jumps to 'done'.

diff --git a/osaf/libs/agents/saf/amfa/ava_api.c 
b/osaf/libs/agents/saf/amfa/ava_api.c
--- a/osaf/libs/agents/saf/amfa/ava_api.c
+++ b/osaf/libs/agents/saf/amfa/ava_api.c
@@ -2194,6 +2194,9 @@ SaAisErrorT saAmfProtectionGroupTrack_4(
        SaAisErrorT rc = SA_AIS_OK;
        TRACE_ENTER2("SaAmfHandleT passed is %llx", hdl);
 
+       /* initialize the msg */
+       memset(&msg, 0, sizeof(AVSV_NDA_AVA_MSG));
+
        /* Verifying the input Handle & global handle */
        if(!gl_ava_hdl || hdl > AVSV_UNS32_HDL_MAX) {
                TRACE_2("Invalid SaAmfHandle passed by component: %llx",hdl);
@@ -2226,9 +2229,6 @@ SaAisErrorT saAmfProtectionGroupTrack_4(
        /* TODO: check cluster membership, if node is not a member answer back 
with SA_AIS_ERR_UNAVAILABLE */
        /* TODO: check if handle is "old", due to node rejoin as member in 
cluster. If not: SA_AIS_ERR_UNAVAILABLE */
 
-       /* initialize the msg */
-       memset(&msg, 0, sizeof(AVSV_NDA_AVA_MSG));
-
        if (!csi_name || !(csi_name->length) || (csi_name->length > 
SA_MAX_NAME_LENGTH)) {
                TRACE_LEAVE2("Incorrect arguments");
                rc = SA_AIS_ERR_INVALID_PARAM;

------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Opensaf-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-devel

Reply via email to