[Openais] patch for buffer overflow in clm.c:my_cluster_node_load

Steven Dake sdake at redhat.com
Wed Feb 18 01:36:13 PST 2009

On Wed, 2009-02-18 at 10:31 +0100, Lars Marowsky-Bree wrote:
> On 2009-02-17T22:47:28, Steven Dake <sdake at redhat.com> wrote:
> > IMO the bugzilla should never result in a buffer overflow and points at
> > a problem is totempg_ifaces_get.  I put some data in the bugzilla which
> > I'd like collected if possible.
> > 
> > Maybe it can help us get to the root cause of the problem instead of
> > hacking around it with this patch.
> Getting to the root cause surely is appreciated, yet still, using
> snprintf() + error checking seems like a good idea too?
yes but I am hesitant to put a patch in the source that masks a real
problem.  Once we sort out the root cause, we can address the buffer


> Regards,
>     Lars

More information about the Openais mailing list