This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[PATCH] nscd stat crash fix

From: Thorsten Kukuk <kukuk at suse dot de>
To: libc-hacker at sources dot redhat dot com
Date: Mon, 13 Sep 2004 15:05:16 +0200
Subject: [PATCH] nscd stat crash fix
Organization: SuSE Linux AG, Nuernberg, Germany

Hi,

if you disable a service and run "nscd -g", the nscd daemon will
crash by dereferencing a NULL pointer:


2004-09-13  Thorsten Kukuk  <kukuk@suse.de>

	* nscd/nscd_stat.c: don't access dbs[cnt].head for disabled
	services.

--- nscd/nscd_stat.c	10 Sep 2004 20:31:05 -0000	1.9
+++ nscd/nscd_stat.c	13 Sep 2004 13:02:56 -0000
@@ -88,25 +88,29 @@
 
   for (cnt = 0; cnt < lastdb; ++cnt)
     {
+      memset (&data.dbs[cnt], 0, sizeof (data.dbs[cnt]));
       data.dbs[cnt].enabled = dbs[cnt].enabled;
       data.dbs[cnt].check_file = dbs[cnt].check_file;
       data.dbs[cnt].shared = dbs[cnt].shared;
       data.dbs[cnt].persistent = dbs[cnt].persistent;
-      data.dbs[cnt].module = dbs[cnt].head->module;
       data.dbs[cnt].postimeout = dbs[cnt].postimeout;
       data.dbs[cnt].negtimeout = dbs[cnt].negtimeout;
-      data.dbs[cnt].poshit = dbs[cnt].head->poshit;
-      data.dbs[cnt].neghit = dbs[cnt].head->neghit;
-      data.dbs[cnt].posmiss = dbs[cnt].head->posmiss;
-      data.dbs[cnt].negmiss = dbs[cnt].head->negmiss;
-      data.dbs[cnt].nentries = dbs[cnt].head->nentries;
-      data.dbs[cnt].maxnentries = dbs[cnt].head->maxnentries;
-      data.dbs[cnt].datasize = dbs[cnt].head->data_size;
-      data.dbs[cnt].dataused = dbs[cnt].head->first_free;
-      data.dbs[cnt].maxnsearched = dbs[cnt].head->maxnsearched;
-      data.dbs[cnt].rdlockdelayed = dbs[cnt].head->rdlockdelayed;
-      data.dbs[cnt].wrlockdelayed = dbs[cnt].head->wrlockdelayed;
-      data.dbs[cnt].addfailed = dbs[cnt].head->addfailed;
+      if (dbs[cnt].head != NULL)
+	{
+	  data.dbs[cnt].module = dbs[cnt].head->module;
+	  data.dbs[cnt].poshit = dbs[cnt].head->poshit;
+	  data.dbs[cnt].neghit = dbs[cnt].head->neghit;
+	  data.dbs[cnt].posmiss = dbs[cnt].head->posmiss;
+	  data.dbs[cnt].negmiss = dbs[cnt].head->negmiss;
+	  data.dbs[cnt].nentries = dbs[cnt].head->nentries;
+	  data.dbs[cnt].maxnentries = dbs[cnt].head->maxnentries;
+	  data.dbs[cnt].datasize = dbs[cnt].head->data_size;
+	  data.dbs[cnt].dataused = dbs[cnt].head->first_free;
+	  data.dbs[cnt].maxnsearched = dbs[cnt].head->maxnsearched;
+	  data.dbs[cnt].rdlockdelayed = dbs[cnt].head->rdlockdelayed;
+	  data.dbs[cnt].wrlockdelayed = dbs[cnt].head->wrlockdelayed;
+	  data.dbs[cnt].addfailed = dbs[cnt].head->addfailed;
+	}
     }
 
   if (TEMP_FAILURE_RETRY (write (fd, &data, sizeof (data))) != sizeof (data))

-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE Linux AG        Maxfeldstr. 5                 D-90409 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B

Follow-Ups:
- Re: [PATCH] nscd stat crash fix
  - From: Ulrich Drepper

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]