Bug 11201 - CTDB contains potential buffer overflows, unchecked memory allocation failures, resource leaks
Summary: CTDB contains potential buffer overflows, unchecked memory allocation failure...
Alias: None
Product: CTDB 2.5.x or older
Classification: Unclassified
Component: ctdb (show other bugs)
Version: 4.2.0
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Reported: 2015-04-08 07:03 UTC by Martin Schwenke
Modified: 2015-04-20 19:37 UTC (History)
1 user (show)

See Also:

Patches for 4.2 (14.77 KB, patch)
2015-04-09 05:12 UTC, Martin Schwenke
amitay: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Schwenke 2015-04-08 07:03:20 UTC
This is to backport fixes for known memory/resource issues to 4.2.1.

These commits from master:

            470af88  ctdb-tools: Fix heap-use-after-free problem
            621bd07  ctdb: Fix 1125553 Buffer not null terminated
            f724bfb  ctdb: Fix CID 1288201 Array compared against 0
            d171d20  ctdb: Fix CID 1125613 Destination buffer too small
            93d4e80  ctdb: Fix CID 1125634 Out-of-bounds write
            508b45f  ctdb: Fix CID 1125615 Copy into fixed size buffer
            801bdcd  ctdb: Coverity fix for CID 1291643
            12309f8  ctdb: check for talloc_asprintf() failure

Patch soon...
Comment 1 Martin Schwenke 2015-04-08 07:21:56 UTC
Also the following so that d171d20 applied cleanly:

            a8cc495  ctdb: Make for-loop in ctdb_get_script_list more idiomatic
            c1e8bfb  ctdb: Fix memleak in ctdb_get_script_list
            8d9bb5c  ctdb: Introduce a helper var in ctdb_get_script_list
Comment 2 Martin Schwenke 2015-04-09 05:12:03 UTC
Created attachment 10937 [details]
Patches for 4.2
Comment 3 Amitay Isaacs 2015-04-09 12:26:26 UTC
Hi Karolin,

More fixes for 4.2.1.
Comment 4 Karolin Seeger 2015-04-09 19:16:21 UTC
(In reply to Amitay Isaacs from comment #3)

Hi Amitay,

the release branch for 4.2.1 has been frozen yesterday. Does 4.2.2 work for you? 

Comment 5 Karolin Seeger 2015-04-19 19:11:22 UTC
Pushed to autobuild-v4-2-test.
Comment 6 Karolin Seeger 2015-04-20 19:37:43 UTC
(In reply to Karolin Seeger from comment #5)
Pushed to v4-2-test.
Closing out bug report.