git.samba.org / obnox / samba / samba-obnox.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8f73ae0)
ctdb-recoverd: Fix some uninitialised memory issues
authorMartin Schwenke <martin@meltin.net>
Mon, 11 Jan 2016 06:23:12 +0000 (17:23 +1100)
committerMichael Adam <obnox@samba.org>
Tue, 12 Jan 2016 18:16:17 +0000 (19:16 +0100)
The first element of these structures is a 32-bit PNN.  On 64-bit
systems this field can be followed by 32-bits of padding.  When the
structures are copied this can cause uninitialised memory to be
copied.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
ctdb/server/ctdb_monitor.c patch | blob | history
ctdb/server/ctdb_recoverd.c patch | blob | history

diff --git a/ctdb/server/ctdb_monitor.c b/ctdb/server/ctdb_monitor.c
index d8eda2a11caeb9791957d99325f1683d64ea9756..0a8273a92171fe505cd2c0735a0390c2c245eed3 100644 (file)
--- a/ctdb/server/ctdb_monitor.c
+++ b/ctdb/server/ctdb_monitor.c
@@ -134,6 +134,7 @@ static void ctdb_health_callback(struct ctdb_context *ctdb, int status, void *p)
        c.pnn = ctdb->pnn;
        c.old_flags = node->flags;
 
+       ZERO_STRUCT(rd);
        rd.pnn   = ctdb->pnn;
        rd.srvid = CTDB_SRVID_TAKEOVER_RUN_RESPONSE;
 
diff --git a/ctdb/server/ctdb_recoverd.c b/ctdb/server/ctdb_recoverd.c
index 1d63526e70d09c0c4b10dc9d94aa231bb6c7a8ee..c89649a3c559e9476424ec3c6c6ffce396e57550 100644 (file)
--- a/ctdb/server/ctdb_recoverd.c
+++ b/ctdb/server/ctdb_recoverd.c
@@ -1650,6 +1650,7 @@ static bool do_takeover_run(struct ctdb_recoverd *rec,
         * wait for replies since a failure here might cause some
         * noise in the logs but will not actually cause a problem.
         */
+       ZERO_STRUCT(dtr);
        dtr.srvid = 0; /* No reply */
        dtr.pnn = -1;
 
@@ -3202,6 +3203,7 @@ static int verify_local_ip_allocation(struct ctdb_context *ctdb, struct ctdb_rec
 
                DEBUG(DEBUG_CRIT,("Trigger takeoverrun\n"));
 
+               ZERO_STRUCT(rd);
                rd.pnn = ctdb->pnn;
                rd.srvid = 0;
                data.dptr = (uint8_t *)&rd;
Michael's Samba GIT