diff options
author | Zdenek Kabelac <zkabelac@redhat.com> | 2011-03-08 22:48:50 +0000 |
---|---|---|
committer | Zdenek Kabelac <zkabelac@redhat.com> | 2011-03-08 22:48:50 +0000 |
commit | ee12300a56e31da3525b7f82dc21c2a4f93e9885 (patch) | |
tree | 10254f5da67b7171adf6c8a338ab55def6b097f1 /daemons/clvmd/clvmd.c | |
parent | e134ce7c3c31442de9a84492c7dca8e28cc3babe (diff) | |
download | lvm2-ee12300a56e31da3525b7f82dc21c2a4f93e9885.tar.gz lvm2-ee12300a56e31da3525b7f82dc21c2a4f93e9885.tar.xz lvm2-ee12300a56e31da3525b7f82dc21c2a4f93e9885.zip |
Do not send random bytes in message
Fixing few issues:
struct clvm_header contains 'char args[1]' - so adding '+ 1' here
for message length calculation is 1 byte off.
Message with last byte uninitialized is then passed to write function.
Update also related arglen.
Initialise xid and clintid to 0.
Memory allocation is checked for NULL
Diffstat (limited to 'daemons/clvmd/clvmd.c')
-rw-r--r-- | daemons/clvmd/clvmd.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/daemons/clvmd/clvmd.c b/daemons/clvmd/clvmd.c index 56600f93..361fc626 100644 --- a/daemons/clvmd/clvmd.c +++ b/daemons/clvmd/clvmd.c @@ -1749,13 +1749,18 @@ static void send_local_reply(struct local_client *client, int status, int fd) } /* Add in the size of our header */ - message_len = message_len + sizeof(struct clvm_header) + 1; - replybuf = malloc(message_len); + message_len = message_len + sizeof(struct clvm_header); + if (!(replybuf = malloc(message_len))) { + DEBUGLOG("Memory allocation fails\n"); + return; + } clientreply = (struct clvm_header *) replybuf; clientreply->status = status; clientreply->cmd = CLVMD_CMD_REPLY; clientreply->node[0] = '\0'; + clientreply->xid = 0; + clientreply->clientid = 0; clientreply->flags = 0; ptr = clientreply->args; @@ -1790,7 +1795,7 @@ static void send_local_reply(struct local_client *client, int status, int fd) /* Terminate with an empty node name */ *ptr = '\0'; - clientreply->arglen = ptr - clientreply->args + 1; + clientreply->arglen = ptr - clientreply->args; /* And send it */ send_message(replybuf, message_len, our_csid, fd, |