proxmox-mirrors/mirror_corosync
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_corosync synced 2025-08-03 16:32:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

When a message is retransmitted, a memmove operation is done to remove the

Browse Source 
newly retransmitted entry from the list.  It is possible this memmove operation
can buffer overflow because it has an invalid length calculation fixed by this
revision.


git-svn-id: http://svn.fedorahosted.org/svn/corosync/trunk@2794 fd59a12c-fef9-0310-b244-a6a79926bd2f
This commit is contained in:
Steven Dake 2010-04-30 05:15:41 +00:00
parent 80d621e25f
commit 005b9af59d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
exec/totemsrp.c
View File

@ -2466,7 +2466,7 @@ static int orf_token_rtr (
orf_token->rtr_list_entries -= 1;
assert (orf_token->rtr_list_entries >= 0);
memmove (&rtr_list[i], &rtr_list[i + 1],
sizeof (struct rtr_item) * (orf_token->rtr_list_entries));
sizeof (struct rtr_item) * (orf_token->rtr_list_entries - i));
instance->stats.mcast_retx++;
instance->fcc_remcast_current++;