rpms / libvirt

Clone
Source Code
GIT

Blame SOURCES/libvirt-rpc-Correct-the-wrong-payload-size-checking.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-rhel c8-sig-altarch-stream-rhel c8-stream-rhel c8s-sig-hyperscale c8s-stream-rhel c9 c9-beta c9s-sig-hyperscale
  1.   43fe83eaf730f3f7762e8a227cf503f95f7ca084
  2.   SOURCES
  3.   libvirt-rpc-Correct-the-wrong-payload-size-checking.patch
Blob History Raw
43fe83 
From 69dd3f5be00b5232e45bbfb92ba50c97b084767a Mon Sep 17 00:00:00 2001
43fe83 
Message-Id: <69dd3f5be00b5232e45bbfb92ba50c97b084767a.1382534061.git.jdenemar@redhat.com>
43fe83 
From: Osier Yang <jyang@redhat.com>
43fe83 
Date: Wed, 16 Oct 2013 23:12:57 +0800
43fe83 
Subject: [PATCH] rpc: Correct the wrong payload size checking
43fe83
43fe83 
https://bugzilla.redhat.com/show_bug.cgi?id=950416
43fe83
43fe83 
<...>
43fe83 
/* Size of message length field. Not counted in VIR_NET_MESSAGE_MAX
43fe83 
 * and VIR_NET_MESSAGE_INITIAL.
43fe83 
 */
43fe83 
const VIR_NET_MESSAGE_LEN_MAX = 4;
43fe83 
</...>
43fe83
43fe83 
However, msg->bufferLength includes the length word. The wrong checking
43fe83 
was introduced by commit e914dcfd.
43fe83
43fe83 
* src/rpc/virnetmessage.c:
43fe83 
  - Correct the checking in virNetMessageEncodePayloadRaw
43fe83 
  - Use a new variable to track the new payload length in
43fe83 
    virNetMessageEncodePayloadRaw
43fe83 
(cherry picked from commit 0959785d3b4a4da3c24352942ca4d2152f4e0191)
43fe83
43fe83 
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
43fe83 
---
43fe83 
 src/rpc/virnetmessage.c | 18 ++++++++++++------
43fe83 
 1 file changed, 12 insertions(+), 6 deletions(-)
43fe83
43fe83 
diff --git a/src/rpc/virnetmessage.c b/src/rpc/virnetmessage.c
43fe83 
index 8f4e4bc..d60366b 100644
43fe83 
--- a/src/rpc/virnetmessage.c
43fe83 
+++ b/src/rpc/virnetmessage.c
43fe83 
@@ -346,15 +346,16 @@ int virNetMessageEncodePayload(virNetMessagePtr msg,
43fe83
43fe83 
     /* Try to encode the payload. If the buffer is too small increase it. */
43fe83 
     while (!(*filter)(&xdr, data)) {
43fe83 
-        if ((msg->bufferLength - VIR_NET_MESSAGE_LEN_MAX) * 4 > VIR_NET_MESSAGE_MAX) {
43fe83 
+        unsigned int newlen = (msg->bufferLength - VIR_NET_MESSAGE_LEN_MAX) * 4;
43fe83 
+
43fe83 
+        if (newlen > VIR_NET_MESSAGE_MAX) {
43fe83 
             virReportError(VIR_ERR_RPC, "%s", _("Unable to encode message payload"));
43fe83 
             goto error;
43fe83 
         }
43fe83
43fe83 
         xdr_destroy(&xdr;;
43fe83
43fe83 
-        msg->bufferLength = (msg->bufferLength - VIR_NET_MESSAGE_LEN_MAX) * 4 +
43fe83 
-            VIR_NET_MESSAGE_LEN_MAX;
43fe83 
+        msg->bufferLength = newlen + VIR_NET_MESSAGE_LEN_MAX;
43fe83
43fe83 
         if (VIR_REALLOC_N(msg->buffer, msg->bufferLength) < 0)
43fe83 
             goto error;
43fe83 
@@ -426,10 +427,15 @@ int virNetMessageEncodePayloadRaw(virNetMessagePtr msg,
43fe83
43fe83 
     /* If the message buffer is too small for the payload increase it accordingly. */
43fe83 
     if ((msg->bufferLength - msg->bufferOffset) < len) {
43fe83 
-        if ((msg->bufferOffset + len) > VIR_NET_MESSAGE_MAX) {
43fe83 
+        if ((msg->bufferOffset + len) >
43fe83 
+            (VIR_NET_MESSAGE_MAX + VIR_NET_MESSAGE_LEN_MAX)) {
43fe83 
             virReportError(VIR_ERR_RPC,
43fe83 
-                           _("Stream data too long to send (%zu bytes needed, %zu bytes available)"),
43fe83 
-                           len, (VIR_NET_MESSAGE_MAX - msg->bufferOffset));
43fe83 
+                           _("Stream data too long to send "
43fe83 
+                             "(%zu bytes needed, %zu bytes available)"),
43fe83 
+                           len,
43fe83 
+                           VIR_NET_MESSAGE_MAX +
43fe83 
+                           VIR_NET_MESSAGE_LEN_MAX -
43fe83 
+                           msg->bufferOffset);
43fe83 
             return -1;
43fe83 
         }
43fe83
43fe83 
--
43fe83 
1.8.4
43fe83

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation