04-02-2012, 10:06 AM
Jan Pokorný
 
resrules: fix free while passing the pointer to caller

The version ("OCF API Version" as declared in the code) for resource
rules cannot be obtained correctly as the memory is being immediately
freed before passing up to the caller. What's worse, the caller
could then access uninitialized memory through this pointer
(print_resource_rule and especially destroy_resource_rule which could
lead to crash easily, IMHO).

The patch fixes this, making no difference between success
and failure in getting the version. Both should be handled
correctly when either dumping resource rule or destroying it.

Aside: was this version field ever actively used or is this a legacy
part not expected to be triggered?
[ I have no test case at hand, this was random spot, sorry. ]

Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
---
resrules.c | 7 ++-----
1 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/resrules.c b/resrules.c
index cc59e30..581be9e 100644
--- a/resrules.c
+++ b/resrules.c
@@ -205,11 +205,8 @@ _get_version(xmlDocPtr doc, xmlXPathContextPtr ctx, char *base,

snprintf(xpath, sizeof(xpath), "%s/@version", base);

ret = xpath_get_one(doc, ctx, xpath);
- if (ret) {
- rr->rr_version = ret;
- free(ret);
- }
- rr->rr_version = NULL;
+ /* NULL or actual result of the query */
+ rr->rr_version = ret;
}
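
Review bot: In the removed lines, `rr->rr_version = NULL;` sits after the closing brace of the `if` block and runs unconditionally, so before this change the field was always NULL on return and the version was simply lost; the freed pointer was overwritten before the caller could see it. With `rr->rr_version = ret;` the field carries the result of xpath_get_one for the first time, and the removed `free(ret)` indicates that result is heap memory. The two functions named in the commit message, print_resource_rule and destroy_resource_rule, are not in this diff, so please confirm (here or in a follow-up) that destroy_resource_rule frees rr_version exactly once and that print_resource_rule tolerates NULL, since those paths now see a non-NULL value they never saw before.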
 
04-02-2012, 11:29 AM
Jan Pokorný
 
resrules: fix free while passing the pointer to caller

(due to previously misconfigured MUA, sorry for inconvenience)

The version ("OCF API Version" as declared in the code) for resource
rules cannot be obtained correctly as the memory is being immediately
freed before passing up to the caller. What's worse, the caller
could then access uninitialized memory through this pointer
(e.g., print_resource_rule).

The patch fixes this, making no difference between success
and failure in getting the version. Both should be handled
correctly when either dumping resource rule or destroying it.

Aside: was this version field ever actively used or is this a legacy
part not expected to be triggered?
[ I have no test case at hand, this was random spot, sorry. ]

Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
---
resrules.c | 7 ++-----
1 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/resrules.c b/resrules.c
index cc59e30..581be9e 100644
--- a/resrules.c
+++ b/resrules.c
@@ -205,11 +205,8 @@ _get_version(xmlDocPtr doc, xmlXPathContextPtr ctx, char *base,

snprintf(xpath, sizeof(xpath), "%s/@version", base);
ret = xpath_get_one(doc, ctx, xpath);
- if (ret) {
- rr->rr_version = ret;
- free(ret);
- }
- rr->rr_version = NULL;
+ /* NULL or actual result of the query */
+ rr->rr_version = ret;
}
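
Review bot: The added comment `/* NULL or actual result of the query */` does not say who owns the string, which is the point this fix turns on. Since the old code called `free(ret)` on it, the value is heap-allocated, and the comment should state that rr now owns it and where it is released. As a style point, `ret` is now only assigned and copied once, so `rr->rr_version = xpath_get_one(doc, ctx, xpath);` would do the same without the temporary.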
 

All times are GMT.