Blob Blame History Raw
commit 93f3df56ce1008c362df679b2768edbf2e5a860a
Author: Fabio M. Di Nitto <fdinitto@redhat.com>
Date:   Thu Sep 19 09:02:44 2019 +0200

    [links] fix memory corryption of link structure
    
    the index would overflow the buffer and overwrite data in the link
    structure. Depending on what was written the cluster could fall
    apart in many ways, from crashing, to hung.
    
    Fixes: https://github.com/kronosnet/kronosnet/issues/255
    
    thanks to the proxmox developers and community for reporting the issue
    and for all the help reproducing / debugging the problem.
    
    Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>

diff --git a/libknet/links.c b/libknet/links.c
index 6abbd48..3d52511 100644
--- a/libknet/links.c
+++ b/libknet/links.c
@@ -62,13 +62,13 @@ int _link_updown(knet_handle_t knet_h, knet_node_id_t host_id, uint8_t link_id,
 	if (connected) {
 		time(&link->status.stats.last_up_times[link->status.stats.last_up_time_index]);
 		link->status.stats.up_count++;
-		if (++link->status.stats.last_up_time_index > MAX_LINK_EVENTS) {
+		if (++link->status.stats.last_up_time_index >= MAX_LINK_EVENTS) {
 			link->status.stats.last_up_time_index = 0;
 		}
 	} else {
 		time(&link->status.stats.last_down_times[link->status.stats.last_down_time_index]);
 		link->status.stats.down_count++;
-		if (++link->status.stats.last_down_time_index > MAX_LINK_EVENTS) {
+		if (++link->status.stats.last_down_time_index >= MAX_LINK_EVENTS) {
 			link->status.stats.last_down_time_index = 0;
 		}
 	}