You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "Shevek (JIRA)" <ji...@apache.org> on 2013/03/28 22:05:15 UTC
[jira] [Commented] (ZOOKEEPER-1677) Misuse of INET_ADDRSTRLEN
[ https://issues.apache.org/jira/browse/ZOOKEEPER-1677?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13616651#comment-13616651 ]
Shevek commented on ZOOKEEPER-1677:
-----------------------------------
Additional bugs:
a) Since grow() does not zero the memory, these comparisons will fail in any case, as the outstanding bytes of a sockaddr_storage over (say) a sockaddr_in will be nondeterministic (unless caller also zeros the passed-in ram, which never happens)
b) addrvec_append_addrinfo only copies part of the buffer, which exposes the non-zeroing locally.
So there are two different code paths where the trailing bytes of the _storage will be nondeterministic; one fixable locally and one not.
> Misuse of INET_ADDRSTRLEN
> -------------------------
>
> Key: ZOOKEEPER-1677
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1677
> Project: ZooKeeper
> Issue Type: Bug
> Affects Versions: 3.5.0
> Reporter: Shevek
>
> ZOOKEEPER-1355. Add zk.updateServerList(newServerList) (Alex Shraer, Marshall McMullen via fpj)
>
>
>
> git-svn-id: https://svn.apache.org/repos/asf/zookeeper/trunk@1410731 13f79535-47bb-0310-9956-ffa450edef68
> +int addrvec_contains(const addrvec_t *avec, const struct sockaddr_storage *addr)
> +{
> + if (!avec || !addr)
> + {
> + return 0;
> + }
> +
> + int i = 0;
> + for (i = 0; i < avec->count; i++)
> + {
> + if(memcmp(&avec->data[i], addr, INET_ADDRSTRLEN) == 0)
> + return 1;
> + }
> +
> + return 0;
> +}
> Pretty sure that should be sizeof(sockaddr_storage). INET_ADDRSTRLEN is the size of the character buffer which needs to be allocated for the return value of inet_ntop, which seems to be totally wrong.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira