- **status**: review --> fixed
- **Comment**:
changeset: 5860:84958d45db94
tag: tip
parent: 5856:0a49a5579cf3
user: Anders Bjornerstedt <[email protected]>
date: Fri Sep 19 12:53:32 2014 +0200
summary: imm: In saImmOiAugmentCcbInitialize goto function end if
om_handle_init fails [#1095]
changeset: 5859:5a5e82f5bdd9
branch: opensaf-4.5.x
parent: 5855:e39db94c18e1
user: Anders Bjornerstedt <[email protected]>
date: Fri Sep 19 12:53:32 2014 +0200
summary: imm: In saImmOiAugmentCcbInitialize goto function end if
om_handle_init fails [#1095]
changeset: 5858:4063054eef35
branch: opensaf-4.4.x
parent: 5854:cbd0e5affe17
user: Anders Bjornerstedt <[email protected]>
date: Fri Sep 19 12:53:32 2014 +0200
summary: imm: In saImmOiAugmentCcbInitialize goto function end if
om_handle_init fails [#1095]
changeset: 5857:de216678a749
branch: opensaf-4.3.x
parent: 5853:835d573dd136
user: Anders Bjornerstedt <[email protected]>
date: Fri Sep 19 12:53:32 2014 +0200
summary: imm: In saImmOiAugmentCcbInitialize goto function end if
om_handle_init fails [#1095]
---
** [tickets:#1095] imm: imm can crash in saImmOiAugmentCcbInitialize**
**Status:** fixed
**Milestone:** 4.3.3
**Created:** Tue Sep 16, 2014 01:26 PM UTC by Zoran Milinkovic
**Last Updated:** Fri Sep 19, 2014 10:59 AM UTC
**Owner:** Anders Bjornerstedt
In saImmOiAugmentCcbInitialize, if immsv_om_handle_initialize returns non
SA_AIS_OK, then "rc" value is converted in SA_AIS_ERR_TRY_AGAIN (cl_node ==
NULL)
In "done:" block, the call of imma_oi_ccb_record_augment may crash the library,
accessing fields in cl_node struct, which is NULL
cl_node = NULL; /* avoid unsafe use */
if(immsv_om_handle_initialize) {/*This is always the first
immsv_om_ call */
rc = immsv_om_handle_initialize(&privateOmHandle,
&version);
} else {
TRACE("ERR_LIBRARY: Error in library linkage.
libSaImmOm.so is not linked");
rc = SA_AIS_ERR_LIBRARY;
}
if(rc != SA_AIS_OK) {
TRACE("ERR_TRY_AGAIN: failed to obtain internal om
handle rc:%u", rc);
rc = SA_AIS_ERR_TRY_AGAIN;
goto done;
}
.....
done:
if (locked) {
m_NCS_UNLOCK(&cb->cb_lock, NCS_LOCK_WRITE);
}
if(rc == SA_AIS_OK || rc == SA_AIS_ERR_TRY_AGAIN) {
/* mark oi_ccb_record with privateOmHandle to avoid repeated
open/close
of private-om-handle for each try again or each ccb op. The
handle
is closed when the ccb is terminated (apply-uc or abort-uc).
*/
imma_oi_ccb_record_augment(cl_node, ccbId, privateOmHandle,
privateAoHandle);
.....
---
Sent from sourceforge.net because [email protected] is
subscribed to https://sourceforge.net/p/opensaf/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://sourceforge.net/p/opensaf/admin/tickets/options. Or, if this is a
mailing list, you can unsubscribe from the mailing list.------------------------------------------------------------------------------
Slashdot TV. Video for Nerds. Stuff that Matters.
http://pubads.g.doubleclick.net/gampad/clk?id=160591471&iu=/4140/ostg.clktrk
_______________________________________________
Opensaf-tickets mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets
