I'll fix it when I push the code.
Thanks,
Zoran
From: Neelakanta Reddy [mailto:neelaka...@users.sf.net]
Sent: 29 September 2014 16:35
To: [opensaf:tickets]
Subject: [opensaf:tickets] Re: #1135 Imm: Missing validity check on 'objectName' in saImmOmSearchInitialize
Hi Zoran,
Reviewed and tested the 4.5.x, default.
Ack with the following comment:
The if condition must be negated, otherwise the cluster will not come up:
    if (!osaf_is_extended_name_valid(rootName)) {
        rc = SA_AIS_ERR_INVALID_PARAM;
Reviewed the 4.3.x and 4.4.x patch.
ACK.
/Neel.
On Monday 29 September 2014 07:22 PM, Zoran Milinkovic wrote:
* status: accepted --> fixed
* Comment:
opensaf-4.3.x and opensaf-4.4.x:
https://sourceforge.net/p/opensaf/mailman/message/32879190/
opensaf-4.5.x and default(4.6):
https://sourceforge.net/p/opensaf/mailman/message/32879192/
________________________________
[tickets:#1135] http://sourceforge.net/p/opensaf/tickets/1135
Imm: Missing validity check on 'objectName' in saImmOmSearchInitialize
Status: fixed
Milestone: 4.3.3
Created: Thu Sep 25, 2014 08:20 AM UTC by Anders Bjornerstedt
Last Updated: Mon Sep 29, 2014 08:29 AM UTC
Owner: Zoran Milinkovic
If one compares saImmOmSearchInitialize with saImmOmAccessorGet one can see
this check in accessorGet (4.4 version of the code):
    if ((objectName == NULL) || (objectName->length == 0) ||
        (objectName->length >= SA_MAX_NAME_LENGTH)) {
        TRACE_2("ERR_INVALID_PARAM: Incorrect parameter contents: objectName");
        TRACE_LEAVE();
        return SA_AIS_ERR_INVALID_PARAM;
    }
But no corresponding check on 'rootName' in the searchInitialize code.
The check cannot be identical, because the 'rootName' argument in
searchInitialize can be NULL if the search is to be global.
But if rootName is not NULL then a corresponding check must be done.
In addition, if rootName is not NULL, we must allow the case of the
root being empty (rootName->length == 0).
For backwards compatibility we also have to allow the case:
    ((rootName->length != 0) && strnlen(rootName->value, rootName->length) == 0)
The check that rootName->length is within bounds is here assumed to have
been done earlier.
This bug has apparently always been there. It has nothing to do with 4.5
or long-names etc, but it will impact code that is long-name adapted
in 4.5.
________________________________
[tickets:#1135] http://sourceforge.net/p/opensaf/tickets/1135
Imm: Missing validity check on 'objectName' in saImmOmSearchInitialize
Status: review
Milestone: 4.3.3
Created: Thu Sep 25, 2014 08:20 AM UTC by Anders Bjornerstedt
Last Updated: Mon Sep 29, 2014 01:52 PM UTC
Owner: Zoran Milinkovic
_______________________________________________
Opensaf-tickets mailing list
Opensaf-tickets@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets
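
The rules the ticket lists for 'rootName', combined with the negated guard from the review comment, as an added example that is not OpenSAF's code. The types are local stand-ins, the function names are hypothetical, and the length bound is checked here rather than assumed to have been done earlier.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins so this compiles alone; names mirror those in the ticket. */
#define SA_MAX_NAME_LENGTH 256
typedef enum { SA_AIS_OK = 1, SA_AIS_ERR_INVALID_PARAM = 7 } SaAisErrorT;
typedef struct { unsigned short length;
                 unsigned char value[SA_MAX_NAME_LENGTH]; } SaNameT;

/* Hypothetical predicate: may rootName be used as a search root? */
static int root_name_is_valid(const SaNameT *rootName)
{
    /* NULL root means a global search; otherwise only the length bound that
     * accessorGet enforces applies. Empty root and the compat case pass. */
    return rootName == NULL || rootName->length < SA_MAX_NAME_LENGTH;
}

/* Hypothetical guard. The error branch is taken when the predicate is NOT
 * satisfied; on success *used is the number of root bytes actually in use. */
SaAisErrorT check_search_root(const SaNameT *rootName, size_t *used)
{
    if (!root_name_is_valid(rootName))
        return SA_AIS_ERR_INVALID_PARAM;
    *used = 0;
    if (rootName != NULL && rootName->length != 0) {
        /* memchr gives the ISO C equivalent of strnlen(value, length) */
        const unsigned char *nul = memchr(rootName->value, 0, rootName->length);
        *used = nul ? (size_t)(nul - rootName->value) : rootName->length;
    }
    return SA_AIS_OK;
}

/* Constructed input: a name with the given text and declared length. */
SaNameT make_name(const char *text, unsigned short length)
{
    SaNameT n = { 0 };
    strncpy((char *)n.value, text, sizeof n.value - 1);
    n.length = length;
    return n;
}

int main(void)
{
    SaNameT root = make_name("safApp=demo", 11); /* constructed sample */
    size_t used = 0;
    int rc = check_search_root(&root, &used);
    printf("rc=%d used=%zu\n", rc, used);
    return 0;
}
```

A test that passes a valid root and expects SA_AIS_OK is what catches the inverted condition the reviewer pointed out.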