OpenAFS Master Repository branch, master, updated. BP--openafs-stable-1_6_x-146-g5fd720c
Gerrit Code Review
gerrit@openafs.org
Tue, 21 Sep 2010 05:12:36 -0700 (PDT)
The following commit has been merged in the master branch:
commit 5fd720ce7d1532b8f17b96b6b21a85ee0ee6827f
Author: Simon Wilkinson <sxw@inf.ed.ac.uk>
Date: Wed Sep 1 14:38:58 2010 +0100
rxgen: Handle complex structures
Servers built using rxgen will break if they take complex
structures as RPC arguments. A complex structure, in this case, is
one which contains an array.
For example an RPC which takes as an argument:
struct MyData {
opaque somebytes<>;
}
... will cause memory corruption on the server whenever it is called.
This is becase the server stubs emitted by rxgen do not zero out the
contents of the MyData structure, leaving it with whatever garbage may
be on the stack. When XDR comes to populate the somebytes opaque
array, it sees that MyData.somebytes.somebytes_val is non-zero, and
assumes that this is a pre-allocated block into which it can record
the data from the wire. However, it's really just stack garbage, and
so we overwrite memory.
As a fix, this patch creates a new list of 'complex' structures, which
are identified as structures which contain arrays. When a server stub
is created for a function that takes a complex structure, the structure
is set to zero before use, and marked to be freed afterwards.
I suspect that there may be a wider class of complex structures than are
caught by this routine, but this is a start...
Change-Id: Id671fe602c8cd44afaaccc821aaa097b142f1899
Reviewed-on: http://gerrit.openafs.org/2736
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
src/rxgen/rpc_parse.c | 26 +++++++++++++++++++++++++-
1 files changed, 25 insertions(+), 1 deletions(-)
--
OpenAFS Master Repository