diff options
author | Michal Zidek <mzidek@redhat.com> | 2013-08-05 20:59:33 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-11 20:37:54 +0200 |
commit | 269c115496578dc9bc9f2d9b63e8343e76880a28 (patch) | |
tree | 630398fd7be822cdbeb9e14159e5a51dd9158b9c /src/util | |
parent | d3eadee84b02f66b1b72540af4a073e479ae1319 (diff) | |
download | sssd-269c115496578dc9bc9f2d9b63e8343e76880a28.tar.gz sssd-269c115496578dc9bc9f2d9b63e8343e76880a28.tar.xz sssd-269c115496578dc9bc9f2d9b63e8343e76880a28.zip |
mmap_cache: Check if slot and name_ptr are not invalid.
This patch prevents jumping outside of allocated memory in
case of corrupted slot or name_ptr values. It is not proper
solution, just hotfix until we find out what is the root cause
of ticket https://fedorahosted.org/sssd/ticket/2018
Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/mmap_cache.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/util/mmap_cache.h b/src/util/mmap_cache.h index 55383c056..6c223df6c 100644 --- a/src/util/mmap_cache.h +++ b/src/util/mmap_cache.h @@ -78,6 +78,7 @@ typedef uint32_t rel_ptr_t; #define SSS_MC_MAJOR_VNO 0 #define SSS_MC_MINOR_VNO 4 +#define SSS_MC_HEADER_UNINIT 0 /* after ftruncate or before reset */ #define SSS_MC_HEADER_ALIVE 1 /* current and in use */ #define SSS_MC_HEADER_RECYCLED 2 /* file was recycled, reopen asap */ @@ -109,6 +110,8 @@ struct sss_mc_rec { char data[0]; }; +/* FIXME: Function sss_mc_find_record currently relies on fact that + * offset of strs is the same in both sss_mc_pwd_data and sss_mc_grp_data. */ struct sss_mc_pwd_data { rel_ptr_t name; /* ptr to name string, rel. to struct base addr */ uint32_t uid; |