[Spread-cvs] cvs commit: spread/daemon groups.c
spread-users@lists.spread.org
spread-users@lists.spread.org
wyvern 04/12/02 18:52:17
Modified: daemon groups.c
Log:
Fix groups-state-exchange message building code, to take the
message_header into account, and hence avoid a potential 48 byte buffer
overflow. This bug was manifested as an overwrite of My.name.
Revision Changes Path
1.21 +2 -2 spread/daemon/groups.c
Index: groups.c
===================================================================
RCS file: /storage/cvsroot/spread/daemon/groups.c,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- groups.c 2 Nov 2004 01:26:12 -0000 1.20
+++ groups.c 2 Dec 2004 23:52:17 -0000 1.21
@@ -1883,7 +1883,7 @@
{
/* To have information about this group, we need to be able to fit
* its name, ID, and the number of daemons it has in this message. */
- size_needed = MAX_GROUP_NAME + sizeof(group_id) + sizeof(int16u);
+ size_needed = MAX_GROUP_NAME + sizeof(group_id) + sizeof(int16u) + Message_get_data_header_size();
if( size_needed > GROUPS_BUF_SIZE - num_bytes ) break;
memcpy( &buf[num_bytes], grp->name, MAX_GROUP_NAME );
@@ -1904,7 +1904,7 @@
* we need to be able to store its proc_id, memb_id, number of
* local members, and the private group names of its local members. */
size_needed = sizeof(int32) + sizeof(membership_id) + sizeof(int16u) +
- (dmn->MembersList.size * MAX_GROUP_NAME);
+ (dmn->MembersList.size * MAX_GROUP_NAME) + Message_get_data_header_size();
/* This requires that the number of local group members be limited. */
if( size_needed > GROUPS_BUF_SIZE - num_bytes )
{