#2059 sss_packet_grow: wrong use of module to pad data
Closed: Fixed None Opened 10 years ago by pbrezina.

This code in sss_packet_grow() is used to pad data to 512 bytes.

    if (totlen < len) {
        int n = len % SSSSRV_PACKET_MEM_SIZE + 1;
        totlen += n * SSSSRV_PACKET_MEM_SIZE;
        if (totlen < len) {
            return EINVAL;
        }
    }

If len % SSSSRV_PACKET_MEM_SIZE == 0 or some low number, we can end up with totlen < len and return EINVAL.

It also does not pad the length, but usually allocates much more memory than is desired.

    len = 1024
    n = 1024 % 512 + 1 = 0 + 1 = 1
    totlen = 1 * 512 = 512
    => totlen < len

    len = 511
    n = 511 % 512 + 1 = 511 + 1
    totlen = 512 * 512 = 262144
    totlen is way bigger than it was supposed to be

Operator / should be used instead of %.


Fields changed

owner: somebody => pbrezina
patch: 0 => 1
status: new => assigned

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.0
resolution: => fixed
status: assigned => closed

Fields changed

changelog: => N/A, just a bugfix

Metadata Update from @pbrezina:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.11.0

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3101

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata