- **Comment**:
Removed unnecessary check for non extended name of rootName
opensaf-4.5.x:
changeset: 5944:2c453f5b5873
branch: opensaf-4.5.x
parent: 5942:710cd9700c85
user: Zoran Milinkovic <[email protected]>
date: Tue Sep 30 14:03:34 2014 +0200
summary: imm: remove unnecessary check of string length [#1135]
-----
default(4.6):
changeset: 5945:17ebc648a310
tag: tip
parent: 5943:6690b465643e
user: Zoran Milinkovic <[email protected]>
date: Tue Sep 30 14:03:34 2014 +0200
summary: imm: remove unnecessary check of string length [#1135]
---
** [tickets:#1135] Imm: Missing validity check on 'objectName' in
saImmOmSearchInitialize**
**Status:** fixed
**Milestone:** 4.3.3
**Created:** Thu Sep 25, 2014 08:20 AM UTC by Anders Bjornerstedt
**Last Updated:** Tue Sep 30, 2014 08:44 AM UTC
**Owner:** Zoran Milinkovic
If one compares saImmOmSearchInitialize with saImmOmAccessorGet one can see
this check in accessorGet (4.4 version of the code):
if ((objectName == NULL) || (objectName->length == 0) ||
(objectName->length >= SA_MAX_NAME_LENGTH)) {
TRACE_2("ERR_INVALID_PARAM: Incorrect parameter contents:
objectName");
TRACE_LEAVE();
return SA_AIS_ERR_INVALID_PARAM;
}
But no corresponding check on 'rootName' in the searchInitialize code.
The check can not be identical, because the 'rootName' argument in
searchInitialize can be NULL if the search is to be global.
But if rootName is not NULL then a corresponding check must be done.
In addition, if rootName is not NULL, we must allow the case of the
root being empty (rootName->length == 0).
For backwards compatibility we also have to allow the case:
((rootName->length !=0) && strnlen(rootName->value, rootName->length)==0)
The check that rootName->lenght is within bounds is here assumed to have
been done earlier.
This bug has apparently always been there. It has nothing to do with 4.5
or long-names etc, but it will impact code that is long-name addapted in 4.5.
---
Sent from sourceforge.net because [email protected] is
subscribed to https://sourceforge.net/p/opensaf/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://sourceforge.net/p/opensaf/admin/tickets/options. Or, if this is a
mailing list, you can unsubscribe from the mailing list.------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Opensaf-tickets mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets
