this patch fixes a segfault/crash in confdb_write.

If the operation is succesful there is no need to set error_string. If error_string is not set, don't try to access it or we crash.

At the same time perform the same check in libconfdb when we receive the reply.

Fabio 


git-svn-id: http://svn.fedorahosted.org/svn/corosync/trunk@1569 fd59a12c-fef9-0310-b244-a6a79926bd2f

exec/confdb.c

@@ -455,7 +455,7 @@ static void message_handler_req_lib_confdb_write (void *conn, void *message)
 {
 	struct res_lib_confdb_write res_lib_confdb_write;
 	int ret = SA_AIS_OK;
-	char *error_string;
+	char *error_string = NULL;
 
 	if (global_objdb->object_write_config(&error_string))
 		ret = SA_AIS_ERR_ACCESS;
@@ -463,8 +463,11 @@ static void message_handler_req_lib_confdb_write (void *conn, void *message)
 	res_lib_confdb_write.header.size = sizeof(res_lib_confdb_write);
 	res_lib_confdb_write.header.id = MESSAGE_RES_CONFDB_WRITE;
 	res_lib_confdb_write.header.error = ret;
-	strcpy((char *)res_lib_confdb_write.error.value, error_string);
-	res_lib_confdb_write.error.length = strlen(error_string) + 1;
+	if (error_string) {
+		strcpy((char *)res_lib_confdb_write.error.value, error_string);
+		res_lib_confdb_write.error.length = strlen(error_string) + 1;
+	} else
+		res_lib_confdb_write.error.length = 0;
 
 	openais_conn_send_response(conn, &res_lib_confdb_write, sizeof(res_lib_confdb_write));
 }

lib/confdb.c

@@ -1130,7 +1130,8 @@ confdb_error_t confdb_write (
 	}
 
 	error = res_lib_confdb_write.header.error;
-	memcpy(error_text, res_lib_confdb_write.error.value, res_lib_confdb_write.error.length);
+	if (res_lib_confdb_write.error.length)
+		memcpy(error_text, res_lib_confdb_write.error.value, res_lib_confdb_write.error.length);
 
 error_exit:
 	saHandleInstancePut (&confdb_handle_t_db, handle);