diff options
author | Rusty Russell <rusty@rustcorp.com.au> | 2011-12-19 15:47:50 +1030 |
---|---|---|
committer | Rusty Russell <rusty@rustcorp.com.au> | 2011-12-19 07:52:01 +0100 |
commit | b64494535dc62f4073fc6302847593ed6e6ec38b (patch) | |
tree | fc81a835f7f0c559b1d85fb3ebc33b0f9e4e42b0 /lib/tdb/common/transaction.c | |
parent | 6260d8c29b4828511ecd1c3fc176612e0a0c73ce (diff) | |
download | samba-b64494535dc62f4073fc6302847593ed6e6ec38b.tar.gz samba-b64494535dc62f4073fc6302847593ed6e6ec38b.tar.bz2 samba-b64494535dc62f4073fc6302847593ed6e6ec38b.zip |
tdb: be more careful on 4G files.
I came across a tdb which had wrapped to 4G + 4K, and the contents had been
destroyed by processes which thought it only 4k long. Fix this by checking
on open, and making tdb_oob() check for wrap itself.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date: Mon Dec 19 07:52:01 CET 2011 on sn-devel-104
Diffstat (limited to 'lib/tdb/common/transaction.c')
-rw-r--r-- | lib/tdb/common/transaction.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/tdb/common/transaction.c b/lib/tdb/common/transaction.c index e4573cb0a9..66ecbfdefb 100644 --- a/lib/tdb/common/transaction.c +++ b/lib/tdb/common/transaction.c @@ -382,9 +382,10 @@ static void transaction_next_hash_chain(struct tdb_context *tdb, uint32_t *chain /* out of bounds check during a transaction */ -static int transaction_oob(struct tdb_context *tdb, tdb_off_t len, int probe) +static int transaction_oob(struct tdb_context *tdb, tdb_off_t off, + tdb_len_t len, int probe) { - if (len <= tdb->map_size) { + if (off + len >= off && off + len <= tdb->map_size) { return 0; } tdb->ecode = TDB_ERR_IO; @@ -507,7 +508,7 @@ static int _tdb_transaction_start(struct tdb_context *tdb, /* make sure we know about any file expansions already done by anyone else */ - tdb->methods->tdb_oob(tdb, tdb->map_size + 1, 1); + tdb->methods->tdb_oob(tdb, tdb->map_size, 1, 1); tdb->transaction->old_map_size = tdb->map_size; /* finally hook the io methods, replacing them with @@ -741,7 +742,7 @@ static int tdb_recovery_allocate(struct tdb_context *tdb, } /* remap the file (if using mmap) */ - methods->tdb_oob(tdb, tdb->map_size + 1, 1); + methods->tdb_oob(tdb, tdb->map_size, 1, 1); /* we have to reset the old map size so that we don't try to expand the file again in the transaction commit, which would destroy the recovery area */ @@ -980,7 +981,7 @@ static int _tdb_transaction_prepare_commit(struct tdb_context *tdb) return -1; } tdb->map_size = tdb->transaction->old_map_size; - methods->tdb_oob(tdb, tdb->map_size + 1, 1); + methods->tdb_oob(tdb, tdb->map_size, 1, 1); } /* Keep the open lock until the actual commit */ |