11201 – CTDB contains potential buffer overflows, unchecked memory allocation failures, resource leaks

Bug 11201 - CTDB contains potential buffer overflows, unchecked memory allocation failures, resource leaks

Summary: CTDB contains potential buffer overflows, unchecked memory allocation failure...

Status:	RESOLVED FIXED

Alias:	None

Product:	CTDB 2.5.x or older
Classification:	Unclassified
Component:	ctdb (show other bugs)
Version:	4.2.0
Hardware:	All All

Importance:	P5 normal
Target Milestone:	---
Assignee:	Karolin Seeger
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-04-08 07:03 UTC by Martin Schwenke
Modified:	2015-04-20 19:37 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Patches for 4.2 (14.77 KB, patch) 2015-04-09 05:12 UTC, Martin Schwenke	amitay: review+	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Martin Schwenke 2015-04-08 07:03:20 UTC

This is to backport fixes for known memory/resource issues to 4.2.1.

These commits from master:

            470af88  ctdb-tools: Fix heap-use-after-free problem
            621bd07  ctdb: Fix 1125553 Buffer not null terminated
            f724bfb  ctdb: Fix CID 1288201 Array compared against 0
            d171d20  ctdb: Fix CID 1125613 Destination buffer too small
            93d4e80  ctdb: Fix CID 1125634 Out-of-bounds write
            508b45f  ctdb: Fix CID 1125615 Copy into fixed size buffer
            801bdcd  ctdb: Coverity fix for CID 1291643
            12309f8  ctdb: check for talloc_asprintf() failure

Patch soon...

Comment 1 Martin Schwenke 2015-04-08 07:21:56 UTC

Also the following so that d171d20 applied cleanly:

            a8cc495  ctdb: Make for-loop in ctdb_get_script_list more idiomatic
            c1e8bfb  ctdb: Fix memleak in ctdb_get_script_list
            8d9bb5c  ctdb: Introduce a helper var in ctdb_get_script_list

Comment 2 Martin Schwenke 2015-04-09 05:12:03 UTC

Created attachment 10937 [details]
Patches for 4.2

Comment 3 Amitay Isaacs 2015-04-09 12:26:26 UTC

Hi Karolin,

More fixes for 4.2.1.

Comment 4 Karolin Seeger 2015-04-09 19:16:21 UTC

(In reply to Amitay Isaacs from comment #3)

Hi Amitay,

the release branch for 4.2.1 has been frozen yesterday. Does 4.2.2 work for you? 

Karolin

Comment 5 Karolin Seeger 2015-04-19 19:11:22 UTC

Pushed to autobuild-v4-2-test.

Comment 6 Karolin Seeger 2015-04-20 19:37:43 UTC

(In reply to Karolin Seeger from comment #5)
Pushed to v4-2-test.
Closing out bug report.

Thanks!