ntfimcnd unexpectedly exits when reserving memory for empty SaNameT attribute. The issue happens becasue ntfimcnd passes the SaNameT's length which is 0, to saNtfPtrValAllocate function.
This patch helps avoid the issue by increasing the SaNameT' length to 1 before passing it to the saNtfPtrValAllocate function. A test case to verify the issue is also included in this patch. --- src/ntf/apitest/test_ntf_imcn.cc | 75 +++++++++++++++++++++++++++++++++++++ src/ntf/ntfimcnd/ntfimcn_notifier.c | 4 +- 2 files changed, 78 insertions(+), 1 deletion(-) diff --git a/src/ntf/apitest/test_ntf_imcn.cc b/src/ntf/apitest/test_ntf_imcn.cc index 47f4fe4..b1a1e87 100644 --- a/src/ntf/apitest/test_ntf_imcn.cc +++ b/src/ntf/apitest/test_ntf_imcn.cc @@ -6095,6 +6095,78 @@ void objectModifyTest_3507(void) { test_validate(error, SA_AIS_OK); } +/** + * Modify (REPLACE, NAME) a runtime test object with empty SaNameT and verify + * correctness of generated notification. + */ +void objectModifyTest_empty_sanamet(void) { + SaAisErrorT error = SA_AIS_OK; + safassert(init_ntf(), SA_AIS_OK); + safassert(subscribe_notifications(), SA_AIS_OK); + rec_notif_data.populated = SA_FALSE; + + /* modify the runtime object with an empty attribute*/ + + const SaUint8T empty_name[] = {}; + SaNameT modify_var = {.length = sizeof(empty_name)}; + memcpy(modify_var.value, empty_name, sizeof(empty_name)); + void *v[] = {&modify_var}; + TestAttributeValue att = {.attrName = "testName", + .attrType = SA_IMM_ATTR_SANAMET, + .attrValues = v}; + TestAttributeValue *attrs[] = {&att, NULL}; + + /* + * Modify (ADD) the object in IMM. + */ + modify_rt_test_object(DNTESTRT, SA_IMM_ATTR_VALUES_REPLACE, attrs); + + /* + * Wait for notification reception. + */ + int dwCnt = 0; + while (dwCnt++ < POLLWAIT && !rec_notif_data.populated) { + NtfTest::saNtfDispatch(ntfHandle, SA_DISPATCH_ALL); + if (!rec_notif_data.populated) + base::Sleep(base::kOneMillisecond); + } + + if (rec_notif_data.populated) { + NotifData n_exp; + safassert( + set_ntf(&n_exp, SA_NTF_ATTRIBUTE_CHANGED, DNTESTRT, 3, 3), + SA_AIS_OK); + safassert( + set_add_info(&n_exp, 0, 0, "SaImmAttrImplementerName"), + SA_AIS_OK); + safassert(set_add_info(&n_exp, 1, 1, "SaImmAttrClassName"), + SA_AIS_OK); + safassert(set_add_info(&n_exp, 2, 2, "testName"), SA_AIS_OK); + safassert(set_attr_change_str(&n_exp, 0, 0, IMPLEMENTERNAME_RT), + SA_AIS_OK); + safassert(set_attr_change_str(&n_exp, 1, 1, "OsafNtfCmTestRT"), + SA_AIS_OK); + ++modify_var.length; + safassert(set_attr_change_buf(&n_exp, 2, 2, + SA_NTF_VALUE_LDAP_NAME, &modify_var), + SA_AIS_OK); + + if (!compare_notifs(&n_exp, &rec_notif_data)) { + print_notif(&n_exp); + print_notif(&rec_notif_data); + error = SA_AIS_ERR_FAILED_OPERATION; + } + safassert(saNtfNotificationFree(rec_notif_data.nHandle), + SA_AIS_OK); + safassert(saNtfNotificationFree(n_exp.nHandle), SA_AIS_OK); + } else { + error = SA_AIS_ERR_FAILED_OPERATION; + } + safassert(unsub_notifications(), SA_AIS_OK); + safassert(NtfTest::saNtfFinalize(ntfHandle), SA_AIS_OK); + test_validate(error, SA_AIS_OK); +} + __attribute__((constructor)) static void ntf_imcn_constructor(void) { struct stat buf; int rc = 0; @@ -6163,6 +6235,7 @@ __attribute__((constructor)) static void ntf_imcn_constructor(void) { test_case_add(32, objectModifyTest_11, "runtime, attr ch, ADD (STRING)"); test_case_add(32, objectModifyTest_12, "runtime, attr ch, ADD (NAME)"); + test_case_add(32, objectModifyTest_13, "runtime, attr ch, ADD (ANY)"); test_case_add(32, objectModifyTest_14, "runtime, attr ch, REPLACE (STRING, DOUBLE)"); @@ -6174,6 +6247,8 @@ __attribute__((constructor)) static void ntf_imcn_constructor(void) { "runtime, attr ch, DELETE (STRING, INT32)"); test_case_add(32, objectModifyTest_18, "runtime, attr ch, ADD (ALL TYPES)"); + test_case_add(32, objectModifyTest_empty_sanamet, + "runtime, attr ch, replace empty sanamet (NAME)"); test_case_add(32, objectDeleteTest_19, "DELETE, runtime (OsafNtfCmTestRT) object"); test_case_add(32, objectCreateTest_20, diff --git a/src/ntf/ntfimcnd/ntfimcn_notifier.c b/src/ntf/ntfimcnd/ntfimcn_notifier.c index 5622126..af1b6da 100644 --- a/src/ntf/ntfimcnd/ntfimcn_notifier.c +++ b/src/ntf/ntfimcnd/ntfimcn_notifier.c @@ -332,10 +332,12 @@ static int fill_attribute_value(SaNtfNotificationHandleT notificationHandle, case SA_IMM_ATTR_SANAMET: /* SaNameT */ name_value = *(SaNameT *)attrValues_in[attrValues_index_in]; + str_len = strlen(osaf_extended_name_borrow(&name_value)); + if (str_len == 0) ++str_len; internal_rc = fill_value_array( notificationHandle, (SaUint8T *)osaf_extended_name_borrow(&name_value), - strlen(osaf_extended_name_borrow(&name_value)), value_out); + str_len, value_out); if (internal_rc != 0) { LOG_ER("%s: fill_value_array failed", __FUNCTION__); goto done; -- 2.7.4 ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Opensaf-devel mailing list Opensaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/opensaf-devel