#2059 sss_packet_grow: wrong use of module to pad data
Closed: Fixed None Opened 5 years ago by pbrezina.

This code in sss_packet_grow() is used to pad data to 512 bytes.

    if (totlen < len) {
        int n = len % SSSSRV_PACKET_MEM_SIZE + 1;
        totlen += n * SSSSRV_PACKET_MEM_SIZE;
        if (totlen < len) {
            return EINVAL;
        }
    }

If len % SSSSRV_PACKET_MEM_SIZE == 0 or some low number, we can end up with totlen < len and return EINVAL.

It also does not pad the length, but usually allocates much more memory than is desired.

    len = 1024
    n = 1024 % 512 + 1 = 0 + 1 = 1
    totlen = 1 * 512 = 512
    => totlen < len

    len = 511
    n = 511 % 512 + 1 = 511 + 1
    totlen = 512 * 512 = 262144
    totlen is way bigger than it was supposed to be

Operator / should be used instead of %.


Fields changed

owner: somebody => pbrezina
patch: 0 => 1
status: new => assigned

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.0
resolution: => fixed
status: assigned => closed

Fields changed

changelog: => N/A, just a bugfix

Metadata Update from @pbrezina:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.11.0

2 years ago

Login to comment on this ticket.

Metadata