Skip to content
Snippets Groups Projects
Commit 10b811f0 authored by Moe Jette's avatar Moe Jette
Browse files

Change unpackmem() calls to unpackmem_ptr(), check resulting size 

before doing memcpy().
parent 85e82174
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/plugins/switch/federation/federation.c
+ 9
5
View file @ 10b811f0
...@@ -1168,7 +1168,7 @@ _unpack_nodeinfo(fed_nodeinfo_t *n, Buf buf, bool believe_window_status) ...@@ -1168,7 +1168,7 @@ _unpack_nodeinfo(fed_nodeinfo_t *n, Buf buf, bool believe_window_status)
fed_window_t *tmp_w = NULL; fed_window_t *tmp_w = NULL;
uint16_t size; uint16_t size;
fed_nodeinfo_t *tmp_n = NULL; fed_nodeinfo_t *tmp_n = NULL;
char name[FED_HOSTLEN]; char *name_ptr, name[FED_HOSTLEN];
int magic; int magic;
/* NOTE! We don't care at this point whether n is valid. /* NOTE! We don't care at this point whether n is valid.
...@@ -1181,9 +1181,10 @@ _unpack_nodeinfo(fed_nodeinfo_t *n, Buf buf, bool believe_window_status) ...@@ -1181,9 +1181,10 @@ _unpack_nodeinfo(fed_nodeinfo_t *n, Buf buf, bool believe_window_status)
safe_unpack32(&magic, buf); safe_unpack32(&magic, buf);
if(magic != FED_NODEINFO_MAGIC) if(magic != FED_NODEINFO_MAGIC)
slurm_seterrno_ret(EBADMAGIC_FEDNODEINFO); slurm_seterrno_ret(EBADMAGIC_FEDNODEINFO);
unpackmem(name, &size, buf); unpackmem_ptr(&name_ptr, &size, buf);
if(size != FED_HOSTLEN) if(size != FED_HOSTLEN)
goto unpack_error; goto unpack_error;
memcpy(name, name_ptr, size);
/* If we already have nodeinfo for this node, we ignore this message. /* If we already have nodeinfo for this node, we ignore this message.
* The slurmctld's view of window allocation is always better than * The slurmctld's view of window allocation is always better than
...@@ -1207,9 +1208,10 @@ _unpack_nodeinfo(fed_nodeinfo_t *n, Buf buf, bool believe_window_status) ...@@ -1207,9 +1208,10 @@ _unpack_nodeinfo(fed_nodeinfo_t *n, Buf buf, bool believe_window_status)
safe_unpack32(&tmp_n->adapter_count, buf); safe_unpack32(&tmp_n->adapter_count, buf);
for(i = 0; i < tmp_n->adapter_count; i++) { for(i = 0; i < tmp_n->adapter_count; i++) {
tmp_a = tmp_n->adapter_list + i; tmp_a = tmp_n->adapter_list + i;
unpackmem(tmp_a->name, &size, buf); unpackmem_ptr(&name_ptr, &size, buf);
if(size != FED_ADAPTERNAME_LEN) if(size != FED_ADAPTERNAME_LEN)
goto unpack_error; goto unpack_error;
memcpy(tmp_a->name, name_ptr, size);
safe_unpack16(&tmp_a->lid, buf); safe_unpack16(&tmp_a->lid, buf);
safe_unpack16(&tmp_a->network_id, buf); safe_unpack16(&tmp_a->network_id, buf);
safe_unpack32(&tmp_a->max_winmem, buf); safe_unpack32(&tmp_a->max_winmem, buf);
...@@ -1928,6 +1930,7 @@ void ...@@ -1928,6 +1930,7 @@ void
_unpack_tableinfo(fed_tableinfo_t *tableinfo, Buf buf) _unpack_tableinfo(fed_tableinfo_t *tableinfo, Buf buf)
{ {
uint16_t size; uint16_t size;
char *name_ptr;
int i; int i;
safe_unpack32(&tableinfo->table_length, buf); safe_unpack32(&tableinfo->table_length, buf);
...@@ -1940,10 +1943,11 @@ _unpack_tableinfo(fed_tableinfo_t *tableinfo, Buf buf) ...@@ -1940,10 +1943,11 @@ _unpack_tableinfo(fed_tableinfo_t *tableinfo, Buf buf)
safe_unpack16(&tableinfo->table[i]->lid, buf); safe_unpack16(&tableinfo->table[i]->lid, buf);
safe_unpack16(&tableinfo->table[i]->window_id, buf); safe_unpack16(&tableinfo->table[i]->window_id, buf);
} }
unpackmem(tableinfo->adapter_name, &size, buf); unpackmem_ptr(&name_ptr, &size, buf);
if (size != FED_ADAPTERNAME_LEN) if (size != FED_ADAPTERNAME_LEN)
error("adapter_name unpack error"); error("adapter_name unpack error");
else
memcpy(tableinfo->adapter_name, name_ptr, size);
return; return;
unpack_error: /* safe_unpackXX are macros which jump to unpack_error */ unpack_error: /* safe_unpackXX are macros which jump to unpack_error */
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
Nutzungsbedingungen | Datenschutzerklärung | Barrierefreiheitserklärung