On Sat, Mar 13, 2010 at 11:52:56AM +1100, Nathan Scott wrote:
>
> ----- "Ken McDonell" <kenj@xxxxxxxxxxxxxxxx> wrote:
>
> > OK, this was sloppy coding on my part, but it has probability of
> > occurrence that close to, or less than, the chance that I'll live to
> > 100
> > years old.
> >
> > Because I'm retired and have nothing better to do (sigh), the
> > attached
> > patch addresses the issue ... if someone else would care to review it
> > and it looks acceptable, I'll gladly commit it into my oss tree.
>
> Looking good.
>
> The memory allocation based on the ntohl(pduProfile->numprof), or
> instprof->profile_len, value looks like it could still use some
> kind of ceiling sanity test? (as per Gregs bug)
Yeah, it was that comment that struck me as the more important point.
Letting an arbitrary network-connected client allocate arbitrary amounts
of memory as root on the pmcd machine seems pretty terrible.
mh
|