Linux Archive


Jan Pokorný 04-02-2012 10:06 AM

resrules: fix free while passing the pointer to caller
 
The version ("OCF API Version" as declared in the code) for resource
rules cannot be obtained correctly as the memory is being immediately
freed before passing up to the caller. What's worse, the caller
could then access uninitialized memory through this pointer
(print_resource_rule and especially destroy_resource_rule which could
lead to crash easily, IMHO).

The patch fixes this, making no difference between success
and failure in getting the version. Both should be handled
correctly when either dumping resource rule or destroying it.

Aside: was this version field ever actively used or is this a legacy
part not expected to be triggered?
[ I have no test case at hand, this was random spot, sorry. ]

Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
---
resrules.c | 7 ++-----
1 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/resrules.c b/resrules.c
index cc59e30..581be9e 100644
--- a/resrules.c
+++ b/resrules.c
@@ -205,11 +205,8 @@ _get_version(xmlDocPtr doc, xmlXPathContextPtr ctx, char *base,

snprintf(xpath, sizeof(xpath), "%s/@version", base);

ret = xpath_get_one(doc, ctx, xpath);
- if (ret) {
- rr->rr_version = ret;
- free(ret);
- }
- rr->rr_version = NULL;
+ /* NULL or actual result of the query */
+ rr->rr_version = ret;
}
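
Review bot: In the removed lines of `_get_version`, `rr->rr_version = NULL;` sits after the closing brace of the `if (ret)` block, so the old code always left the field NULL after freeing `ret`; from this hunk alone no pointer to freed memory reaches the caller. The visible defect is that the version string was unconditionally discarded. Please reword the commit message to describe that, or point to the path on which callers such as print_resource_rule actually saw the stale pointer.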

Jan Pokorný 04-02-2012 11:29 AM

resrules: fix free while passing the pointer to caller
 
(due to previously misconfigured MUA, sorry for inconvenience)

The version ("OCF API Version" as declared in the code) for resource
rules cannot be obtained correctly as the memory is being immediately
freed before passing up to the caller. What's worse, the caller
could then access uninitialized memory through this pointer
(e.g., print_resource_rule).

The patch fixes this, making no difference between success
and failure in getting the version. Both should be handled
correctly when either dumping resource rule or destroying it.

Aside: was this version field ever actively used or is this a legacy
part not expected to be triggered?
[ I have no test case at hand, this was random spot, sorry. ]

Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
---
resrules.c | 7 ++-----
1 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/resrules.c b/resrules.c
index cc59e30..581be9e 100644
--- a/resrules.c
+++ b/resrules.c
@@ -205,11 +205,8 @@ _get_version(xmlDocPtr doc, xmlXPathContextPtr ctx, char *base,

snprintf(xpath, sizeof(xpath), "%s/@version", base);
ret = xpath_get_one(doc, ctx, xpath);
- if (ret) {
- rr->rr_version = ret;
- free(ret);
- }
- rr->rr_version = NULL;
+ /* NULL or actual result of the query */
+ rr->rr_version = ret;
}
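
Review bot: With `rr->rr_version = ret;` the rule now owns the string returned by `xpath_get_one`, which the removed code released with `free(ret)`, and nothing in this hunk shows where that ownership ends. Please confirm that destroy_resource_rule frees `rr_version` exactly once and that print_resource_rule tolerates NULL, or include those changes in this patch. Because the removed lines always ended with the field set to NULL, any code that consumes a non-NULL `rr_version` runs for the first time with this change, so a test with a rule carrying a `version` attribute would be worth adding.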

