[Spread-cvs] cvs commit: spread/daemon groups.c
spread-users@lists.spread.org
spread-users@lists.spread.org
wyvern 04/12/02 18:50:28
Modified: daemon Tag: branch_3_17 groups.c
Log:
Fix groups-state-exchange message building code, to take the
message_header into account, and hence avoid a potential 48 byte buffer
overflow. This bug was manifested as an overwrite of My.name.
Revision Changes Path
No revision
No revision
1.17.2.2 +1 -1 spread/daemon/groups.c
Index: groups.c
===================================================================
RCS file: /storage/cvsroot/spread/daemon/groups.c,v
retrieving revision 1.17.2.1
retrieving revision 1.17.2.2
diff -u -r1.17.2.1 -r1.17.2.2
--- groups.c 29 Oct 2004 14:40:55 -0000 1.17.2.1
+++ groups.c 2 Dec 2004 23:50:27 -0000 1.17.2.2
@@ -1951,7 +1951,7 @@
if( grp->num_local == 0 ) continue;
size_for_this_group = MAX_GROUP_NAME + sizeof(group_id) + sizeof(int16) +
- (grp->num_local * MAX_GROUP_NAME);
+ (grp->num_local * MAX_GROUP_NAME) + Message_get_data_header_size();
/* This requires that the number of local group members be limited. */
if( size_for_this_group > GROUPS_BUF_SIZE - num_bytes ) break;