[ewg] [PATCH] libibumad: get_ca() can call release_ca() with uninitialized data
Ralph Campbell
ralph.campbell at qlogic.com
Mon Feb 2 11:53:01 PST 2009

In umad.c, get_ca(), the error path when the call to
scandir() fails calls release_ca(ca) when the structure
has not yet been initialized. This can cause free() to
be called on random memory addresses.

The fix is to initialize ca->numports and ca->ports
earlier in get_ca().

Signed-off-by: Ralph Campbell <ralph.campbell at qlogic.com>

diff --git a/libibumad/src/umad.c b/libibumad/src/umad.c
index 78b956d..4f877e9 100644
--- a/libibumad/src/umad.c
+++ b/libibumad/src/umad.c
@@ -361,6 +361,8 @@ get_ca(char *ca_name, umad_ca_t *ca)
int r, i, ret;
int portnum;
+ ca->numports = 0;
+ memset(ca->ports, 0, sizeof ca->ports);
strncpy(ca->ca_name, ca_name, sizeof ca->ca_name);
snprintf(dir_name, sizeof(dir_name), "%s/%s", SYS_INFINIBAND,
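Review bot: the two initializations added at the top of get_ca() carry no comment explaining that they must precede the first error path that calls release_ca(); a one-line comment to that effect would keep a later cleanup from moving them back down next to the loop. Separately, the unchanged strncpy(ca->ca_name, ca_name, sizeof ca->ca_name) in the context does not NUL-terminate ca->ca_name when ca_name is as long as the buffer, so unless that is handled outside the visible lines it deserves an explicit terminator.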
@@ -394,8 +396,6 @@ get_ca(char *ca_name, umad_ca_t *ca)
}
ret = 0;
- ca->numports = 0;
- memset(ca->ports, 0, sizeof ca->ports);
for (i = 0; i < r; i++) {
portnum = 0;
if (!strcmp(".", namelist[i]->d_name) ||
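Review bot: with the zeroing gone from just above the for loop, the loop depends on ca->numports and ca->ports still being zero from the top of the function, so please confirm that nothing between the two hunks writes either field before `ret = 0;`. It is also worth asking whether the scandir() failure path named in the commit message needs to call release_ca() at all: if nothing has been allocated by then, returning directly would remove the dependency on initialization order.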