---
** [tickets:#1135] Imm: Missing validity check on 'objectName' in
saImmOmSearchInitialize**
**Status:** unassigned
**Milestone:** 4.3.3
**Created:** Thu Sep 25, 2014 08:20 AM UTC by Anders Bjornerstedt
**Last Updated:** Thu Sep 25, 2014 08:20 AM UTC
**Owner:** nobody
If one compares saImmOmSearchInitialize with saImmOmAccessorGet one can see
this check in accessorGet (4.4 version of the code):
if ((objectName == NULL) || (objectName->length == 0) ||
(objectName->length >= SA_MAX_NAME_LENGTH)) {
TRACE_2("ERR_INVALID_PARAM: Incorrect parameter contents:
objectName");
TRACE_LEAVE();
return SA_AIS_ERR_INVALID_PARAM;
}
But no corresponding check on 'rootName' in the searchInitialize code.
The check can not be identical, because the 'rootName' argument in
searchInitialize can be NULL if the search is to be global.
But if rootName is not NULL then a corresponding check must be done.
In addition, if rootName is not NULL, we must allow the case of the
root being empty (rootName->length == 0).
For backwards compatibility we also have to allow the case:
((rootName->length !=0) && strnlen(rootName->value, rootName->length)==0)
The check that rootName->lenght is within bounds is here assumed to have
been done earlier.
This bug has apparently always been there. It has nothing to do with 4.5
or long-names etc, but it will impact code that is long-name addapted in 4.5.
---
Sent from sourceforge.net because [email protected] is
subscribed to https://sourceforge.net/p/opensaf/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://sourceforge.net/p/opensaf/admin/tickets/options. Or, if this is a
mailing list, you can unsubscribe from the mailing list.------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Opensaf-tickets mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets
