diff options
| author | Michal Zidek <mzidek@redhat.com> | 2013-08-14 18:22:06 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-19 20:57:00 +0200 |
| commit | c58c458dc919104958454f33e6887791e5965a33 (patch) | |
| tree | 2ca2070a49a5202de70cd25e97bc630db7340653 | |
| parent | 87fb9c039db9acdc1f00de35d3373e8e5788d432 (diff) | |
| download | sssd-c58c458dc919104958454f33e6887791e5965a33.tar.gz sssd-c58c458dc919104958454f33e6887791e5965a33.tar.xz sssd-c58c458dc919104958454f33e6887791e5965a33.zip | |
mmap_cache: Off by one error.
Removes off by one error when using macro MC_SIZE_TO_SLOTS
and adds new macro MC_SLOT_WITHIN_BOUNDS.
| -rw-r--r-- | src/responder/nss/nsssrv_mmap_cache.c | 12 | ||||
| -rw-r--r-- | src/sss_client/nss_mc_group.c | 8 | ||||
| -rw-r--r-- | src/sss_client/nss_mc_passwd.c | 8 | ||||
| -rw-r--r-- | src/util/mmap_cache.h | 3 |
4 files changed, 17 insertions, 14 deletions
diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c index 2458cd419..e74c75c16 100644 --- a/src/responder/nss/nsssrv_mmap_cache.c +++ b/src/responder/nss/nsssrv_mmap_cache.c @@ -368,12 +368,12 @@ static struct sss_mc_rec *sss_mc_find_record(struct sss_mc_ctx *mcc, hash = sss_mc_hash(mcc, key->str, key->len); slot = mcc->hash_table[hash]; - if (slot > MC_SIZE_TO_SLOTS(mcc->dt_size)) { + if (!MC_SLOT_WITHIN_BOUNDS(slot, mcc->dt_size)) { return NULL; } while (slot != MC_INVALID_VAL) { - if (slot > MC_SIZE_TO_SLOTS(mcc->dt_size)) { + if (!MC_SLOT_WITHIN_BOUNDS(slot, mcc->dt_size)) { DEBUG(SSSDBG_FATAL_FAILURE, ("Corrupted fastcache. Slot number too big.\n")); sss_mmap_cache_reset(mcc); @@ -602,13 +602,13 @@ errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx *mcc, uid_t uid) hash = sss_mc_hash(mcc, uidstr, strlen(uidstr) + 1); slot = mcc->hash_table[hash]; - if (slot > MC_SIZE_TO_SLOTS(mcc->dt_size)) { + if (!MC_SLOT_WITHIN_BOUNDS(slot, mcc->dt_size)) { ret = ENOENT; goto done; } while (slot != MC_INVALID_VAL) { - if (slot > MC_SIZE_TO_SLOTS(mcc->dt_size)) { + if (!MC_SLOT_WITHIN_BOUNDS(slot, mcc->dt_size)) { DEBUG(SSSDBG_FATAL_FAILURE, ("Corrupted fastcache.\n")); sss_mmap_cache_reset(mcc); ret = ENOENT; @@ -745,13 +745,13 @@ errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx *mcc, gid_t gid) hash = sss_mc_hash(mcc, gidstr, strlen(gidstr) + 1); slot = mcc->hash_table[hash]; - if (slot > MC_SIZE_TO_SLOTS(mcc->dt_size)) { + if (!MC_SLOT_WITHIN_BOUNDS(slot, mcc->dt_size)) { ret = ENOENT; goto done; } while (slot != MC_INVALID_VAL) { - if (slot > MC_SIZE_TO_SLOTS(mcc->dt_size)) { + if (!MC_SLOT_WITHIN_BOUNDS(slot, mcc->dt_size)) { DEBUG(SSSDBG_FATAL_FAILURE, ("Corrupted fastcache.\n")); sss_mmap_cache_reset(mcc); ret = ENOENT; diff --git a/src/sss_client/nss_mc_group.c b/src/sss_client/nss_mc_group.c index 9fe72a60e..4e3d9fb0d 100644 --- a/src/sss_client/nss_mc_group.c +++ b/src/sss_client/nss_mc_group.c @@ -121,7 +121,7 @@ errno_t sss_nss_mc_getgrnam(const char *name, size_t name_len, /* If slot is not within the bounds of mmaped region and * it's value is not MC_INVALID_VAL, then the cache is * probbably corrupted. */ - while (slot < MC_SIZE_TO_SLOTS(gr_mc_ctx.dt_size)) { + while (MC_SLOT_WITHIN_BOUNDS(slot, gr_mc_ctx.dt_size)) { ret = sss_nss_mc_get_record(&gr_mc_ctx, slot, &rec); if (ret) { goto done; @@ -155,7 +155,7 @@ errno_t sss_nss_mc_getgrnam(const char *name, size_t name_len, slot = rec->next; } - if (slot >= MC_SIZE_TO_SLOTS(gr_mc_ctx.dt_size)) { + if (!MC_SLOT_WITHIN_BOUNDS(slot, gr_mc_ctx.dt_size)) { ret = ENOENT; goto done; } @@ -196,7 +196,7 @@ errno_t sss_nss_mc_getgrgid(gid_t gid, /* If slot is not within the bounds of mmaped region and * it's value is not MC_INVALID_VAL, then the cache is * probbably corrupted. */ - while (slot < MC_SIZE_TO_SLOTS(gr_mc_ctx.dt_size)) { + while (MC_SLOT_WITHIN_BOUNDS(slot, gr_mc_ctx.dt_size)) { ret = sss_nss_mc_get_record(&gr_mc_ctx, slot, &rec); if (ret) { goto done; @@ -217,7 +217,7 @@ errno_t sss_nss_mc_getgrgid(gid_t gid, slot = rec->next; } - if (slot >= MC_SIZE_TO_SLOTS(gr_mc_ctx.dt_size)) { + if (!MC_SLOT_WITHIN_BOUNDS(slot, gr_mc_ctx.dt_size)) { ret = ENOENT; goto done; } diff --git a/src/sss_client/nss_mc_passwd.c b/src/sss_client/nss_mc_passwd.c index 7aca4a04b..a0a8d87f7 100644 --- a/src/sss_client/nss_mc_passwd.c +++ b/src/sss_client/nss_mc_passwd.c @@ -122,7 +122,7 @@ errno_t sss_nss_mc_getpwnam(const char *name, size_t name_len, /* If slot is not within the bounds of mmaped region and * it's value is not MC_INVALID_VAL, then the cache is * probbably corrupted. */ - while (slot < MC_SIZE_TO_SLOTS(pw_mc_ctx.dt_size)) { + while (MC_SLOT_WITHIN_BOUNDS(slot, pw_mc_ctx.dt_size)) { ret = sss_nss_mc_get_record(&pw_mc_ctx, slot, &rec); if (ret) { goto done; @@ -157,7 +157,7 @@ errno_t sss_nss_mc_getpwnam(const char *name, size_t name_len, slot = rec->next; } - if (slot >= MC_SIZE_TO_SLOTS(pw_mc_ctx.dt_size)) { + if (!MC_SLOT_WITHIN_BOUNDS(slot, pw_mc_ctx.dt_size)) { ret = ENOENT; goto done; } @@ -198,7 +198,7 @@ errno_t sss_nss_mc_getpwuid(uid_t uid, /* If slot is not within the bounds of mmaped region and * it's value is not MC_INVALID_VAL, then the cache is * probbably corrupted. */ - while (slot < MC_SIZE_TO_SLOTS(pw_mc_ctx.dt_size)) { + while (MC_SLOT_WITHIN_BOUNDS(slot, pw_mc_ctx.dt_size)) { ret = sss_nss_mc_get_record(&pw_mc_ctx, slot, &rec); if (ret) { goto done; @@ -219,7 +219,7 @@ errno_t sss_nss_mc_getpwuid(uid_t uid, slot = rec->next; } - if (slot >= MC_SIZE_TO_SLOTS(pw_mc_ctx.dt_size)) { + if (!MC_SLOT_WITHIN_BOUNDS(slot, pw_mc_ctx.dt_size)) { ret = ENOENT; goto done; } diff --git a/src/util/mmap_cache.h b/src/util/mmap_cache.h index 6c223df6c..abf8cac49 100644 --- a/src/util/mmap_cache.h +++ b/src/util/mmap_cache.h @@ -67,6 +67,9 @@ typedef uint32_t rel_ptr_t; #define MC_SLOT_TO_PTR(base, slot, type) \ (type *)((base) + ((slot) * MC_SLOT_SIZE)) +#define MC_SLOT_WITHIN_BOUNDS(slot, dt_size) \ + ((slot) < ((dt_size) / MC_SLOT_SIZE)) + #define MC_VALID_BARRIER(val) (((val) & 0xff000000) == 0xf0000000) #define MC_CHECK_RECORD_LENGTH(mc_ctx, rec) \ |