[Bugs] [Bug 1215161] rpc: Memory corruption because rpcsvc_register_notify interprets opaque mydata argument as xlator pointer
bugzilla at redhat.com
Mon May 4 11:08:50 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1215161
--- Comment #7 from Anand Avati <aavati at redhat.com> ---
COMMIT: http://review.gluster.org/10366 committed in master by Raghavendra G
(rgowdapp at redhat.com)
------
commit dc0020c72d5c2d20328b89224b149ebb87002277
Author: Kotresh HR <khiremat at redhat.com>
Date: Fri Apr 24 17:31:03 2015 +0530
rpc: Maintain separate xlator pointer in 'rpcsvc_state'

The structure 'rpcsvc_state', which maintains rpc server
state, had no separate pointer to track the translator.
It was using the mydata pointer itself. So callers were
forced to send xlator pointer as mydata which is opaque
(void pointer) by function prototype.

'rpcsvc_register_init' is setting svc->mydata with xlator
pointer. 'rpcsvc_register_notify' is overwriting svc->mydata
with mydata pointer. And rpc interprets svc->mydata as
xlator pointer internally. If someone passes non-xlator
structure pointer to rpcsvc_register_notify as libgfchangelog
currently does, it might corrupt mydata. So interpreting opaque
mydata as xlator pointer is incorrect as it is caller's choice
to send mydata as any type of data to 'rpcsvc_register_notify'.

Maintaining two different pointers in 'rpcsvc_state' for xlator
and mydata solves the issue.

Change-Id: I7874933fefc68f3fe01d44f92016a8e4e9768378
BUG: 1215161
Signed-off-by: Kotresh HR <khiremat at redhat.com>
Reviewed-on: http://review.gluster.org/10366
Tested-by: Gluster Build System <jenkins at build.gluster.com>
Reviewed-by: Raghavendra G <rgowdapp at redhat.com>
Tested-by: Raghavendra G <rgowdapp at redhat.com>
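
Added example (not part of the commit or of the GlusterFS source): a reduced C model of the pointer aliasing the commit message describes, with the single-slot layout next to the two-pointer layout. All struct and function names are hypothetical stand-ins, and the "after" layout only assumes what the message states, namely separate xlator and mydata pointers.

```c
#include <stdio.h>

/* Hypothetical stand-ins; these are not the GlusterFS definitions. */
struct demo_xlator { const char *name; };
struct demo_client { long conn_id; };      /* a caller's non-xlator cookie */

/* Before: one opaque slot doubles as the translator pointer. */
struct svc_before { void *mydata; };
/* After: translator and caller cookie are tracked separately. */
struct svc_after { struct demo_xlator *xl; void *mydata; };

static void before_init(struct svc_before *s, struct demo_xlator *xl) { s->mydata = xl; }
static void before_register_notify(struct svc_before *s, void *mydata) { s->mydata = mydata; }
/* Internal code treats the slot as a translator. The pointer is only
 * returned and compared here, never dereferenced. */
static struct demo_xlator *before_xlator(const struct svc_before *s) { return s->mydata; }

static void after_init(struct svc_after *s, struct demo_xlator *xl) { s->xl = xl; s->mydata = NULL; }
static void after_register_notify(struct svc_after *s, void *mydata) { s->mydata = mydata; }
static struct demo_xlator *after_xlator(const struct svc_after *s) { return s->xl; }

/* Returns 1 if the service still resolves to the translator given at init
 * once a caller has registered a non-xlator cookie, 0 otherwise. */
static int before_keeps_xlator(void) {
    struct demo_xlator xl = { "demo-xl" };
    struct demo_client cookie = { 42 };    /* constructed sample value */
    struct svc_before s;
    before_init(&s, &xl);
    before_register_notify(&s, &cookie);   /* overwrites the xlator slot */
    return before_xlator(&s) == &xl;
}

static int after_keeps_xlator(void) {
    struct demo_xlator xl = { "demo-xl" };
    struct demo_client cookie = { 42 };    /* constructed sample value */
    struct svc_after s;
    after_init(&s, &xl);
    after_register_notify(&s, &cookie);    /* cookie goes to its own slot */
    return after_xlator(&s) == &xl && s.mydata == (void *)&cookie;
}

int main(void) {
    printf("single slot keeps xlator: %d\n", before_keeps_xlator());
    printf("separate pointers keep xlator: %d\n", after_keeps_xlator());
    return 0;
}
```

In the single-slot layout any later field access through the returned pointer would read the caller's structure as a translator, which is the memory corruption named in the bug title.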