Commit 227f14f0 authored by Paul Meyer's avatar Paul Meyer Committed by Kleber Sacilotto de Souza

hv: kvp: Avoid reading past allocated blocks from KVP file

BugLink: http://bugs.launchpad.net/bugs/1745047

commit 297d6b6e upstream.

While reading in more than one block (50) of KVP records, the allocation
goes per block, but the reads used the total number of allocated records
(without resetting the pointer/stream). This causes the records buffer to
overrun when the refresh reads more than one block over the previous
capacity (e.g. reading more than 100 KVP records whereas the in-memory
database was empty before).

Fix this by reading the correct number of KVP records from file each time.
Signed-off-by: default avatarPaul Meyer <Paul.Meyer@microsoft.com>
Signed-off-by: default avatarLong Li <longli@microsoft.com>
Signed-off-by: default avatarK. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
parent 322862fd
...@@ -193,11 +193,14 @@ static void kvp_update_mem_state(int pool) ...@@ -193,11 +193,14 @@ static void kvp_update_mem_state(int pool)
for (;;) { for (;;) {
readp = &record[records_read]; readp = &record[records_read];
records_read += fread(readp, sizeof(struct kvp_record), records_read += fread(readp, sizeof(struct kvp_record),
ENTRIES_PER_BLOCK * num_blocks, ENTRIES_PER_BLOCK * num_blocks - records_read,
filep); filep);
if (ferror(filep)) { if (ferror(filep)) {
syslog(LOG_ERR, "Failed to read file, pool: %d", pool); syslog(LOG_ERR,
"Failed to read file, pool: %d; error: %d %s",
pool, errno, strerror(errno));
kvp_release_lock(pool);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
...@@ -210,6 +213,7 @@ static void kvp_update_mem_state(int pool) ...@@ -210,6 +213,7 @@ static void kvp_update_mem_state(int pool)
if (record == NULL) { if (record == NULL) {
syslog(LOG_ERR, "malloc failed"); syslog(LOG_ERR, "malloc failed");
kvp_release_lock(pool);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
continue; continue;
...@@ -224,15 +228,11 @@ static void kvp_update_mem_state(int pool) ...@@ -224,15 +228,11 @@ static void kvp_update_mem_state(int pool)
fclose(filep); fclose(filep);
kvp_release_lock(pool); kvp_release_lock(pool);
} }
static int kvp_file_init(void) static int kvp_file_init(void)
{ {
int fd; int fd;
FILE *filep;
size_t records_read;
char *fname; char *fname;
struct kvp_record *record;
struct kvp_record *readp;
int num_blocks;
int i; int i;
int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK; int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK;
...@@ -246,61 +246,19 @@ static int kvp_file_init(void) ...@@ -246,61 +246,19 @@ static int kvp_file_init(void)
for (i = 0; i < KVP_POOL_COUNT; i++) { for (i = 0; i < KVP_POOL_COUNT; i++) {
fname = kvp_file_info[i].fname; fname = kvp_file_info[i].fname;
records_read = 0;
num_blocks = 1;
sprintf(fname, "%s/.kvp_pool_%d", KVP_CONFIG_LOC, i); sprintf(fname, "%s/.kvp_pool_%d", KVP_CONFIG_LOC, i);
fd = open(fname, O_RDWR | O_CREAT | O_CLOEXEC, 0644 /* rw-r--r-- */); fd = open(fname, O_RDWR | O_CREAT | O_CLOEXEC, 0644 /* rw-r--r-- */);
if (fd == -1) if (fd == -1)
return 1; return 1;
filep = fopen(fname, "re");
if (!filep) {
close(fd);
return 1;
}
record = malloc(alloc_unit * num_blocks);
if (record == NULL) {
fclose(filep);
close(fd);
return 1;
}
for (;;) {
readp = &record[records_read];
records_read += fread(readp, sizeof(struct kvp_record),
ENTRIES_PER_BLOCK,
filep);
if (ferror(filep)) {
syslog(LOG_ERR, "Failed to read file, pool: %d",
i);
exit(EXIT_FAILURE);
}
if (!feof(filep)) {
/*
* We have more data to read.
*/
num_blocks++;
record = realloc(record, alloc_unit *
num_blocks);
if (record == NULL) {
fclose(filep);
close(fd);
return 1;
}
continue;
}
break;
}
kvp_file_info[i].fd = fd; kvp_file_info[i].fd = fd;
kvp_file_info[i].num_blocks = num_blocks; kvp_file_info[i].num_blocks = 1;
kvp_file_info[i].records = record; kvp_file_info[i].records = malloc(alloc_unit);
kvp_file_info[i].num_records = records_read; if (kvp_file_info[i].records == NULL)
fclose(filep); return 1;
kvp_file_info[i].num_records = 0;
kvp_update_mem_state(i);
} }
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment