Hi, it seems there is still another bug in the use/calculation of conn->msg_users_max, will send another patch on top of this.
On Wed, Jul 23, 2014 at 10:19:11PM +0100, Djalal Harouni wrote: > First use kzalloc to allocate the users array, so we do not reference > uninitialized values. > > And free the old conn->msg_users array not the newly allocated 'users' > one. > > Patch tested, and users will hit the KDBUS_CONN_MAX_MSGS_PER_USER limit > and fail with -ENOBUFS > > Signed-off-by: Djalal Harouni <tix...@opendz.org> > --- > connection.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/connection.c b/connection.c > index c432286..a2ed645 100644 > --- a/connection.c > +++ b/connection.c > @@ -634,13 +634,13 @@ static int kdbus_conn_queue_user_quota(struct > kdbus_conn *conn, > unsigned int i; > > i = 8 + KDBUS_ALIGN8(user); > - users = kmalloc(sizeof(unsigned int) * i, GFP_KERNEL); > + users = kzalloc(sizeof(unsigned int) * i, GFP_KERNEL); > if (!users) > return -ENOMEM; > > memcpy(users, conn->msg_users, > sizeof(unsigned int) * conn->msg_users_max); > - kfree(users); > + kfree(conn->msg_users); > conn->msg_users = users; > conn->msg_users_max = i; > } > -- > 1.9.3 > -- Djalal Harouni http://opendz.org
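Review bot: the new allocation line "users = kzalloc(sizeof(unsigned int) * i, GFP_KERNEL);" still open-codes the size multiplication; kcalloc(i, sizeof(unsigned int), GFP_KERNEL) zeroes the array as well and additionally rejects a count that would overflow the multiplication. Separately, the memcpy that follows copies conn->msg_users_max entries into an array of i entries, and the condition guaranteeing conn->msg_users_max <= i sits outside the visible context, so it should be confirmed before the copy, and a one-line comment stating that invariant would help, given that conn->msg_users_max is only updated after the swap.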