[tickets] [opensaf:tickets] #2927 smf: crash in CcbApplyCallback() due to NULL access

Fri, 21 Sep 2018 20:02:53 -0700 

- **status**: review --> fixed
- **Comment**:

develop:

commit 2c1ba3aefb1f35a27a12532a05eaa06cd37bb3b5
Author: thuan.tran <[email protected]>
Date:   Fri Sep 21 07:06:16 2018 +0000

    smf: improve CcbApplyCallback() to avoid NULL access [#2927]
    
    Current CcbApplyCallback() is not safe, may access NULL pointer
    cause SMFD crash and node restart.



---

** [tickets:#2927] smf: crash in CcbApplyCallback() due to NULL access**

**Status:** fixed
**Milestone:** 5.18.09
**Created:** Mon Sep 17, 2018 10:57 AM UTC by Thuan
**Last Updated:** Tue Sep 18, 2018 02:30 AM UTC
**Owner:** Thuan


SMFD crash in following code:

src/smf/smfd/SmfImmApplierHdl.cc

    static void CcbApplyCallback(SaImmOiHandleT immOiHandle, SaImmOiCcbIdT 
ccbId) {
      ....
      TRACE("%s: Read value in attributes", __FUNCTION__);
      attrMod = opdata->param.modify.attrMods[0];
      attribute = attrMod->modAttr;
      
      for (int i = 1; attrMod != nullptr; i++) {
        /* Get the value */
        if (attribute_name.compare(attribute.attrName) != 0) {_
          // Not found
          attrMod = opdata->param.modify.attrMods[i];
          attribute = attrMod->modAttr;                 <= CRASH HERE
          continue;
        }

Proposal solution:
~~~
--- a/src/smf/smfd/SmfImmApplierHdl.cc
+++ b/src/smf/smfd/SmfImmApplierHdl.cc
@@ -446,14 +446,13 @@ static void CcbApplyCallback(SaImmOiHandleT immOiHandle, 
SaImmOiCcbIdT ccbId) {
    */
   TRACE("%s: Read value in attributes", __FUNCTION__);
   attrMod = opdata->param.modify.attrMods[0];
-  attribute = attrMod->modAttr;

   for (int i = 1; attrMod != nullptr; i++) {
     /* Get the value */
+    attribute = attrMod->modAttr;
     if (attribute_name_.compare(attribute.attrName) != 0) {
       // Not found
       attrMod = opdata->param.modify.attrMods[i];
-      attribute = attrMod->modAttr;
       continue;
     }
~~~




---

Sent from sourceforge.net because [email protected] is 
subscribed to https://sourceforge.net/p/opensaf/tickets/

To unsubscribe from further messages, a project admin can change settings at 
https://sourceforge.net/p/opensaf/admin/tickets/options.  Or, if this is a 
mailing list, you can unsubscribe from the mailing list.
_______________________________________________
Opensaf-tickets mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets






















					Reply via email to