This looks like a straight forward fix to a potentially nasty YP problem.

I will talk with Serge to see which of us is best suited to sponsor
the fix and get it resolved quickly.

Doug.

J?rgen Keil wrote:
> My first opensolaris contributed bugfix.  I have fixed
> 
>     6203874 ypxfrd coredumps in x86 master/SPARC slave scenarios
> 
> 
> Updated analysis for the bug:
> 
> Root cause for the coredump is that the original code is encoding the
> pagebuffer into network byteorder when mygetpage() hasn't returned OK;
> that is, when mygetpage() must have returned with GETDBM_EOF.
> 
> In the GETDBM_EOF case, no new data was filled into the "pagblock".
> The code in the DOSWAB section reads an already byteswapped length
> "cnt = s[0]" from the previous loop, and uses this bogus length to byteswap
> a block of shorts in memory.  Using the bogus length, it corrupts this
> memory block; the corruption is not limited to the local
> static variable "static  struct pag res;".
> 
> 
> Suggested fix:
> 
> *** usr/src/cmd/ypcmd/ypxfrd_server.c~  Tue Jun 14 09:44:51 2005
> --- usr/src/cmd/ypcmd/ypxfrd_server.c   Tue Jun 28 18:45:11 2005
> ***************
> *** 267,276 ****
>         res.status = mygetpage(res.pag_u.ok.blkdat, &(res.pag_u.ok.blkno), m);
> 
>   #ifdef DOSWAB
> !       s = (short *)res.pag_u.ok.blkdat;
> !       cnt = s[0];
> !       for (i = 0; i <= cnt; i++)
> !               s[i] = ntohs(s[i]);
>   #endif
> 
>         if (!xdr_pag(xdrs, &res))
> --- 267,278 ----
>         res.status = mygetpage(res.pag_u.ok.blkdat, &(res.pag_u.ok.blkno), m);
> 
>   #ifdef DOSWAB
> !       if (res.status == OK) {
> !               s = (short *)res.pag_u.ok.blkdat;
> !               cnt = s[0];
> !               for (i = 0; i <= cnt; i++)
> !                       s[i] = htons(s[i]);
> !       }
>   #endif
> 
>         if (!xdr_pag(xdrs, &res))
> ***************
> *** 283,292 ****
>                                         &(res.pag_u.ok.blkno), m);
> 
>   #ifdef DOSWAB
> !               s = (short *)res.pag_u.ok.blkdat;
> !               cnt = s[0];
> !               for (i = 0; i <= cnt; i++)
> !                       s[i] = ntohs(s[i]);
>   #endif
> 
>                 if (!xdr_pag(xdrs, &res))
> --- 285,296 ----
>                                         &(res.pag_u.ok.blkno), m);
> 
>   #ifdef DOSWAB
> !               if (res.status == OK) {
> !                       s = (short *)res.pag_u.ok.blkdat;
> !                       cnt = s[0];
> !                       for (i = 0; i <= cnt; i++)
> !                               s[i] = htons(s[i]);
> !               }
>   #endif
> 
>                 if (!xdr_pag(xdrs, &res))
> This message posted from opensolaris.org
> _______________________________________________
> request-sponsor mailing list
> request-sponsor at opensolaris.org

Reply via email to