[ovs-dev] [PATCH monitor_cond V13 1/2] ovsdb: Fix reference to table's row on condition_add|remove_clause

Liran Schour Mon, 15 Aug 2016 06:04:41 -0700

Use struct uuid * on [add|remove]_clause on columns which are references to
tables. That prevents use-after-free errors.


Signed-off-by: Liran Schour <lir...@il.ibm.com>
---
 ovsdb/ovsdb-idlc.in | 62 ++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 54 insertions(+), 8 deletions(-)

diff --git a/ovsdb/ovsdb-idlc.in b/ovsdb/ovsdb-idlc.in
index 487876b..a98ea80 100755
--- a/ovsdb/ovsdb-idlc.in
+++ b/ovsdb/ovsdb-idlc.in
@@ -246,6 +246,11 @@ bool %(s)s_is_updated(const struct %(s)s *, enum 
%(s)s_column_id);
             else:
                 comment, members = cMembers(prefix, tableName, columnName,
                                             column, True)
+                if column.type.key.is_ref():
+                    if column.type.n_max == 1:
+                        members[0]['type'] = 'struct uuid *'
+                    else:
+                        members[0]['type'] = 'struct uuid **'
                 args = ['%(type)s%(name)s' % member for member in members]
             print '%s);' % ', '.join(args)
 
@@ -260,6 +265,11 @@ bool %(s)s_is_updated(const struct %(s)s *, enum 
%(s)s_column_id);
             else:
                 comment, members = cMembers(prefix, tableName, columnName,
                                             column, True)
+                if column.type.key.is_ref():
+                    if column.type.n_max == 1:
+                        members[0]['type'] = 'struct uuid *'
+                    else:
+                        members[0]['type'] = 'struct uuid **'
                 args = ['%(type)s%(name)s' % member for member in members]
             print '%s);' % ', '.join(args)
 
@@ -979,6 +989,12 @@ void
                 if len(members) > 1:
                     nVar = members[1]['name']
 
+            if type.key.is_ref():
+                if column.type.n_max == 1:
+                    members[0]['type'] = 'struct uuid *'
+                else:
+                    members[0]['type'] = 'struct uuid **'
+
             print comment
             print 'void'
             print '%(s)s_add_clause_%(c)s(struct ovsdb_idl *idl, enum 
ovsdb_function function, %(args)s)' % \
@@ -994,7 +1010,10 @@ void
                 print "    ovs_assert(inited);"
                 print "    datum.n = 1;"
                 print "    datum.keys = &key;"
-                print "    " + 
type.key.assign_c_value_casting_away_const("key.%s" % 
type.key.type.to_string(), keyVar)
+                if type.key.is_ref():
+                    print "    key.%s = *%s;" % (type.key.type.to_string(), 
keyVar)
+                else:
+                    print "    " + 
type.key.assign_c_value_casting_away_const("key.%s" % 
type.key.type.to_string(), keyVar)
                 if type.value:
                     print "    datum.values = &value;"
                     print "    "+ 
type.value.assign_c_value_casting_away_const("value.%s" % 
type.value.type.to_string(), valueVar)
@@ -1007,7 +1026,10 @@ void
                 print "    if (%s) {" % keyVar
                 print "        datum.n = 1;"
                 print "        datum.keys = &key;"
-                print "        " + 
type.key.assign_c_value_casting_away_const("key.%s" % 
type.key.type.to_string(), keyVar)
+                if type.key.is_ref():
+                    print "    key.%s = *%s;" % (type.key.type.to_string(), 
keyVar)
+                else:
+                    print "        " + 
type.key.assign_c_value_casting_away_const("key.%s" % 
type.key.type.to_string(), keyVar)
                 print "    } else {"
                 print "        datum.n = 0;"
                 print "        datum.keys = NULL;"
@@ -1020,7 +1042,10 @@ void
                 print "    if (%s) {" % nVar
                 print "        datum.n = 1;"
                 print "        datum.keys = &key;"
-                print "        " + 
type.key.assign_c_value_casting_away_const("key.%s" % 
type.key.type.to_string(), "*" + keyVar)
+                if type.key.is_ref():
+                    print "    key.%s = *%s;" % (type.key.type.to_string(), 
keyVar)
+                else:
+                    print "        " + 
type.key.assign_c_value_casting_away_const("key.%s" % 
type.key.type.to_string(), "*" + keyVar)
                 print "    } else {"
                 print "        datum.n = 0;"
                 print "        datum.keys = NULL;"
@@ -1037,7 +1062,10 @@ void
                 else:
                     print "    datum.values = NULL;"
                 print "    for (i = 0; i < %s; i++) {" % nVar
-                print "        " + type.key.copyCValue("datum.keys[i].%s" % 
type.key.type.to_string(), "%s[i]" % keyVar)
+                if type.key.is_ref():
+                    print "        datum.keys[i].%s = *%s[i];" % 
(type.key.type.to_string(), keyVar)
+                else:
+                    print "        " + type.key.copyCValue("datum.keys[i].%s" 
% type.key.type.to_string(), "%s[i]" % keyVar)
                 if type.value:
                     print "        " + 
type.value.copyCValue("datum.values[i].%s" % type.value.type.to_string(), 
"%s[i]" % valueVar)
                 print "    }"
@@ -1145,6 +1173,12 @@ void
                 if len(members) > 1:
                     nVar = members[1]['name']
 
+            if type.key.is_ref():
+                if type.n_max == 1:
+                    members[0]['type'] = 'struct uuid *'
+                else:
+                    members[0]['type'] = 'struct uuid **'
+
             print comment
             print 'void'
             print '%(s)s_remove_clause_%(c)s(struct ovsdb_idl *idl, enum 
ovsdb_function function, %(args)s)' % \
@@ -1160,7 +1194,10 @@ void
                 print "    ovs_assert(inited);"
                 print "    datum.n = 1;"
                 print "    datum.keys = &key;"
-                print "    " + 
type.key.assign_c_value_casting_away_const("key.%s" % 
type.key.type.to_string(), keyVar)
+                if type.key.is_ref():
+                    print "    key.%s = *%s;" % (type.key.type.to_string(), 
keyVar)
+                else:
+                    print "    " + 
type.key.assign_c_value_casting_away_const("key.%s" % 
type.key.type.to_string(), keyVar)
                 if type.value:
                     print "    datum.values = &value;"
                     print "    "+ 
type.value.assign_c_value_casting_away_const("value.%s" % 
type.value.type.to_string(), valueVar)
@@ -1173,7 +1210,10 @@ void
                 print "    if (%s) {" % keyVar
                 print "        datum.n = 1;"
                 print "        datum.keys = &key;"
-                print "        " + 
type.key.assign_c_value_casting_away_const("key.%s" % 
type.key.type.to_string(), keyVar)
+                if type.key.is_ref():
+                    print "    key.%s = *%s;" % (type.key.type.to_string(), 
keyVar)
+                else:
+                    print "        " + 
type.key.assign_c_value_casting_away_const("key.%s" % 
type.key.type.to_string(), keyVar)
                 print "    } else {"
                 print "        datum.n = 0;"
                 print "        datum.keys = NULL;"
@@ -1186,7 +1226,10 @@ void
                 print "    if (%s) {" % nVar
                 print "        datum.n = 1;"
                 print "        datum.keys = &key;"
-                print "        " + 
type.key.assign_c_value_casting_away_const("key.%s" % 
type.key.type.to_string(), "*" + keyVar)
+                if type.key.is_ref():
+                    print "    key.%s = *%s;" % (type.key.type.to_string(), 
keyVar)
+                else:
+                    print "        " + 
type.key.assign_c_value_casting_away_const("key.%s" % 
type.key.type.to_string(), "*" + keyVar)
                 print "    } else {"
                 print "        datum.n = 0;"
                 print "        datum.keys = NULL;"
@@ -1203,7 +1246,10 @@ void
                 else:
                     print "    datum.values = NULL;"
                 print "    for (i = 0; i < %s; i++) {" % nVar
-                print "        " + type.key.copyCValue("datum.keys[i].%s" % 
type.key.type.to_string(), "%s[i]" % keyVar)
+                if type.key.is_ref():
+                    print "        datum.keys[i].%s = *%s[i];" % 
(type.key.type.to_string(), keyVar)
+                else:
+                    print "        " + type.key.copyCValue("datum.keys[i].%s" 
% type.key.type.to_string(), "%s[i]" % keyVar)
                 if type.value:
                     print "        " + 
type.value.copyCValue("datum.values[i].%s" % type.value.type.to_string(), 
"%s[i]" % valueVar)
                 print "    }"
-- 
2.1.4

_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

[ovs-dev] [PATCH monitor_cond V13 1/2] ovsdb: Fix reference to table's row on condition_add|remove_clause

Reply via email to