[Spread-cvs] cvs commit: spread/daemon groups.c

spread-users@lists.spread.org spread-users@lists.spread.org


wyvern      04/12/02 18:50:28

  Modified:    daemon   Tag: branch_3_17 groups.c
  Log:
  Fix groups-state-exchange message building code, to take the
  message_header into account, and hence avoid a potential 48 byte buffer
  overflow.  This bug was manifested as an overwrite of My.name.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.17.2.2  +1 -1      spread/daemon/groups.c
  
  Index: groups.c
  ===================================================================
  RCS file: /storage/cvsroot/spread/daemon/groups.c,v
  retrieving revision 1.17.2.1
  retrieving revision 1.17.2.2
  diff -u -r1.17.2.1 -r1.17.2.2
  --- groups.c	29 Oct 2004 14:40:55 -0000	1.17.2.1
  +++ groups.c	2 Dec 2004 23:50:27 -0000	1.17.2.2
  @@ -1951,7 +1951,7 @@
   		if( grp->num_local == 0 ) continue;
   		
                   size_for_this_group = MAX_GROUP_NAME + sizeof(group_id) + sizeof(int16) +
  -                        (grp->num_local * MAX_GROUP_NAME);
  +                        (grp->num_local * MAX_GROUP_NAME) + Message_get_data_header_size();
                   /* This requires that the number of local group members be limited. */
                   if( size_for_this_group > GROUPS_BUF_SIZE - num_bytes )  break;