Re: [devel] [PATCH 1 of 1] amfa: avoid illigal memory access [#1307]

Mon, 04 May 2015 00:24:34 -0700 

Ack, code review only/Thanks HansN

-----Original Message-----
From: [email protected] [mailto:[email protected]] 
Sent: den 21 april 2015 13:32
To: Hans Nordebäck; [email protected]
Cc: [email protected]
Subject: [PATCH 1 of 1] amfa: avoid illigal memory access [#1307]

 osaf/libs/agents/saf/amfa/ava_api.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)


While invalid handle is passed to saAmfProtectionGroupTrack_4, code jumps to 
done and calls avsv_nda_ava_msg_content_free(&msg). But msg is not meset to 
zero, so it has garbage values. Inside avsv_nda_ava_msg_content_free, the 
following code points to garbage pointer and agent crashes:
if (msg->info.cbk_info) {
    avsv_amf_cbk_free(msg->info.cbk_info);
msg need to be memset before code jumps to 'done'.

diff --git a/osaf/libs/agents/saf/amfa/ava_api.c 
b/osaf/libs/agents/saf/amfa/ava_api.c
--- a/osaf/libs/agents/saf/amfa/ava_api.c
+++ b/osaf/libs/agents/saf/amfa/ava_api.c
@@ -2194,6 +2194,9 @@ SaAisErrorT saAmfProtectionGroupTrack_4(
        SaAisErrorT rc = SA_AIS_OK;
        TRACE_ENTER2("SaAmfHandleT passed is %llx", hdl);
 
+       /* initialize the msg */
+       memset(&msg, 0, sizeof(AVSV_NDA_AVA_MSG));
+
        /* Verifying the input Handle & global handle */
        if(!gl_ava_hdl || hdl > AVSV_UNS32_HDL_MAX) {
                TRACE_2("Invalid SaAmfHandle passed by component: %llx",hdl); 
@@ -2226,9 +2229,6 @@ SaAisErrorT saAmfProtectionGroupTrack_4(
        /* TODO: check cluster membership, if node is not a member answer back 
with SA_AIS_ERR_UNAVAILABLE */
        /* TODO: check if handle is "old", due to node rejoin as member in 
cluster. If not: SA_AIS_ERR_UNAVAILABLE */
 
-       /* initialize the msg */
-       memset(&msg, 0, sizeof(AVSV_NDA_AVA_MSG));
-
        if (!csi_name || !(csi_name->length) || (csi_name->length > 
SA_MAX_NAME_LENGTH)) {
                TRACE_LEAVE2("Incorrect arguments");
                rc = SA_AIS_ERR_INVALID_PARAM;

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Opensaf-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-devel

Reply via email to