- Description has changed:
Diff:
~~~~
--- old
+++ new
@@ -1,5 +1,5 @@
Migrated from http://devel.opensaf.org/ticket/2694.
-When an installed bundle object is deleted the AVD OI checks if any component
is still using the bundle on that node. This check is made using a memcmp (in
is_swbdl_delete_ok_for_node) where the complete SaNameT structure is compared.
This will only work if everyone makes shure to clear the complete structure
before using it. In this case one of the SaNameT used for comparison is
received from the IMM so it relies on that the IMM is clearing it. It looks
like the IMM is allocating it with calloc so by chance it looks like it may
work.
+When an installed bundle object is deleted the AVD OI checks if any component
is still using the bundle on that node. This check is made using a memcmp (in
is_swbdl_delete_ok_for_node) where the complete SaNameT structure is compared.
This will only work if everyone makes sure to clear the complete structure
before using it. In this case one of the SaNameT used for comparison is
received from the IMM so it relies on that the IMM is clearing it. It looks
like the IMM is allocating it with calloc so by chance it looks like it may
work.
When comparing SaNameT variables we can't rely on this so only the defined
data should be compared.
Maybe this is done in similar ways in other places as well.
~~~~
---
** [tickets:#275] amf: AVD non secure comparison of SaNameT bundle name.**
**Status:** unassigned
**Milestone:** future
**Created:** Mon May 20, 2013 06:27 AM UTC by Praveen
**Last Updated:** Wed Jul 15, 2015 02:41 PM UTC
**Owner:** nobody
Migrated from http://devel.opensaf.org/ticket/2694.
When an installed bundle object is deleted the AVD OI checks if any component
is still using the bundle on that node. This check is made using a memcmp (in
is_swbdl_delete_ok_for_node) where the complete SaNameT structure is compared.
This will only work if everyone makes sure to clear the complete structure
before using it. In this case one of the SaNameT used for comparison is
received from the IMM so it relies on that the IMM is clearing it. It looks
like the IMM is allocating it with calloc so by chance it looks like it may
work.
When comparing SaNameT variables we can't rely on this so only the defined data
should be compared.
Maybe this is done in similar ways in other places as well.
---
Sent from sourceforge.net because [email protected] is
subscribed to https://sourceforge.net/p/opensaf/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://sourceforge.net/p/opensaf/admin/tickets/options. Or, if this is a
mailing list, you can unsubscribe from the mailing list.
------------------------------------------------------------------------------
_______________________________________________
Opensaf-tickets mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets
