A bug in message_add_payload()

From: Aref Taidi <ataidi(at)avaya.com>
Date: Tue Apr 15 2003 - 13:27:39 EDT


Dear Sir/Madam,

I am currently inspecting the isakmpd code of your 3.2 release with a view to porting it.

In message_add_payload() there is a call to realloc() as follows:

  new_iov = (struct iovec *)realloc (msg->iov, (msg->iovlen + 1) * sizeof *msg->iov);

This code relies upon the new memory block being cleared to 0 and causes a memory crash in systems whose memory is not cleared. In fact, to be consistent with message_alloc(), any new memory obtained for msg->iov should ensure that the rest of memory is cleared, since in message_alloc() the memory for msg->iov is obtained using calloc().

Kind regards,

Aref Taidi
Principal Software Engineer
Avaya, Welwyn Garden City, UK
Tel: +44 (0) 1707 364657
email: ataidi@avaya.com

Received on Tue Apr 15 13:31:49 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:29:54 EDT
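
The pattern the report asks for, as an added example that is not part of the original message or the isakmpd source: grow an iovec array with realloc() and explicitly zero the new slot so it matches the state calloc() gives the first allocation. The struct msg_sketch type and both function names are hypothetical; only the iov and iovlen fields come from the quoted line.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/uio.h>

/* Hypothetical stand-in for the message structure; only the two fields
 * quoted in the report are modelled. */
struct msg_sketch {
    struct iovec *iov;
    size_t iovlen;
};

/* Grow msg->iov by one slot and zero that slot. realloc() leaves added
 * bytes indeterminate, unlike calloc().
 * Returns 0 on success, -1 on overflow or allocation failure (msg unchanged). */
int iov_grow_zeroed(struct msg_sketch *msg)
{
    struct iovec *new_iov;

    if (msg->iovlen >= SIZE_MAX / sizeof *msg->iov)
        return -1;                       /* (iovlen + 1) * size would wrap */
    new_iov = realloc(msg->iov, (msg->iovlen + 1) * sizeof *msg->iov);
    if (new_iov == NULL)
        return -1;                       /* old block is still valid */
    memset(&new_iov[msg->iovlen], 0, sizeof *new_iov);
    msg->iov = new_iov;
    msg->iovlen++;
    return 0;
}

/* Constructed check: leave non-zero bytes on the heap first, then confirm
 * the slot added by iov_grow_zeroed() is clear. Returns 1 if so. */
int demo_new_slot_is_clear(void)
{
    struct msg_sketch msg = { calloc(1, sizeof(struct iovec)), 1 };
    void *junk = malloc(256);
    int ok;

    if (msg.iov == NULL || junk == NULL) { free(msg.iov); free(junk); return 0; }
    memset(junk, 0xAA, 256);             /* dirty a block, then release it */
    free(junk);
    if (iov_grow_zeroed(&msg) != 0) { free(msg.iov); return 0; }
    ok = msg.iovlen == 2 &&
         msg.iov[1].iov_base == NULL && msg.iov[1].iov_len == 0;
    free(msg.iov);
    return ok;
}
```

Assigning the realloc() result to a temporary, as the quoted line does with new_iov, keeps the old block reachable if the call fails.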
