summaryrefslogtreecommitdiffstats
path: root/api
diff options
context:
space:
mode:
authorNiels de Vos <ndevos@redhat.com>2017-04-10 10:29:15 +0200
committerNiels de Vos <ndevos@redhat.com>2017-04-18 04:59:30 -0400
commit4c623481986a4697fe7bbb3f553b877d38650422 (patch)
treef33f09f8332f66b9204d7b8af1c4641903ba86c8 /api
parent94196dee1f1b0e22faab69cd9b1b1c70ba3d2f6f (diff)
gfapi: prevent off-by-one buffer overrun in glfs_sysrq()
Coverity found a potential buffer overrun in the strncat() usage for logging the help message with glfs_sysrq(). This seems to be an off-by-one mistake and should be addressed by reducing the initial size of the remainder calculation. Change-Id: Ide14add1cb28e5200d2c0df6b3a5154999ef3ca9 BUG: 789278 Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: https://review.gluster.org/17024 Smoke: Gluster Build System <jenkins@build.gluster.org> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> CentOS-regression: Gluster Build System <jenkins@build.gluster.org> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Reviewed-by: Amar Tumballi <amarts@redhat.com>
Diffstat (limited to 'api')
-rw-r--r--api/src/glfs.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/api/src/glfs.c b/api/src/glfs.c
index bd59027236a..10af6c78e17 100644
--- a/api/src/glfs.c
+++ b/api/src/glfs.c
@@ -1477,7 +1477,6 @@ pub_glfs_sysrq (struct glfs *fs, char sysrq)
glusterfs_ctx_t *ctx = NULL;
int ret = 0;
char msg[1024] = {0,}; /* should not exceed 1024 chars */
- size_t rem = sizeof (msg);
if (!fs || !fs->ctx) {
ret = -1;
@@ -1490,12 +1489,13 @@ pub_glfs_sysrq (struct glfs *fs, char sysrq)
switch (sysrq) {
case GLFS_SYSRQ_HELP:
{
- struct glfs_sysrq_help *usage;
+ struct glfs_sysrq_help *usage = NULL;
for (usage = glfs_sysrq_help; usage->sysrq; usage++) {
- strncat (msg, usage->msg, rem);
- rem -= strlen (usage->msg);
- strncat (msg, " ", rem--);
+ snprintf (msg + strlen (msg), /* append to msg */
+ sizeof (msg) - strlen (msg) - 2,
+ /* - 2 for the " " + terminating \0 */
+ " %s", usage->msg);
}
/* not really an 'error', but make sure it gets logged */