summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJim Meyering <meyering@redhat.com>2012-07-09 22:50:09 +0200
committerAnand Avati <avati@redhat.com>2012-07-11 19:17:19 -0700
commita8ce48126dc57726f820e8815cff8b24911ca076 (patch)
tree62537644d8847a7913727ce74b802bb7c8ad4f5f
parent7c88fcd63df71cc1b81caea791235a828c9b419e (diff)
cli: print_brick_status: don't smash stack
For bricklen > 110 (i.e., 2 * fieldlen), the if-clause would be executed 2 or more times, making strncpy write past the end of "buf", clobbering the stack. Rewrite, removing unnecessary use of strncpy, strlen and decl/use of the temporary buffer, and instead, specifying precision via a printf-style format directive. Coverity identified the static buffer overrun. Change-Id: I176386e752c397dea22265de9f3c6eb631334f4f BUG: 789278 Signed-off-by: Jim Meyering <meyering@redhat.com> Reviewed-on: http://review.gluster.com/3646 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com>
-rw-r--r--cli/src/cli-cmd-volume.c11
1 files changed, 3 insertions, 8 deletions
diff --git a/cli/src/cli-cmd-volume.c b/cli/src/cli-cmd-volume.c
index 704f9dddb7d..c0faaa07b56 100644
--- a/cli/src/cli-cmd-volume.c
+++ b/cli/src/cli-cmd-volume.c
@@ -1582,21 +1582,16 @@ int
cli_print_brick_status (cli_volume_status_t *status)
{
int fieldlen = CLI_VOL_STATUS_BRICK_LEN;
- char buf[80] = {0,};
int bricklen = 0;
- int i = 0;
char *p = NULL;
int num_tabs = 0;
- bricklen = strlen (status->brick);
p = status->brick;
+ bricklen = strlen (p);
while (bricklen > 0) {
if (bricklen > fieldlen) {
- i++;
- strncpy (buf, p, min (fieldlen, (sizeof (buf)-1)));
- buf[strlen(buf) + 1] = '\0';
- cli_out ("%s", buf);
- p = status->brick + i * fieldlen;
+ cli_out ("%.*s", fieldlen, p);
+ p += fieldlen;
bricklen -= fieldlen;
} else {
num_tabs = (fieldlen - bricklen) / CLI_TAB_LENGTH + 1;