summaryrefslogtreecommitdiffstats
path: root/xlators/features/locks/src/posix.c
diff options
context:
space:
mode:
authorAmar Tumballi <amarts@redhat.com>2018-11-08 10:46:12 +0530
committerShyamsundar Ranganathan <srangana@redhat.com>2018-11-09 14:04:25 +0000
commit9d9b9745c7e424f01e5526b23b1da17db263275e (patch)
treed1f0be3e68c91ea86febbecfcf2a79d381d67c66 /xlators/features/locks/src/posix.c
parent03b65fd52d3e4e3e9d4978fd30c694c51bcde3e3 (diff)
features/locks: fix statedump string
Currently, there are possibilities in few places, where a user-controlled (like filename, program parameter etc) string can be passed as 'fmt' for printf(), which can lead to segfault, if the user's string contains '%s', '%d' in it. Fixes: CVE-2018-14661 NOTE: this change is a focused fix for the CVE, but is just subset of changes in master. This is done so that we keep the changes in the codebase to minimum, and also as clang coding standard is implemented, the changes wouldn't apply cleanly from master, so there is scope for mistakes. By keeping it to minimum, we solve CVE, and also prevent errors. Fixes: bz#1647668 Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4 Signed-off-by: Amar Tumballi <amarts@redhat.com>
Diffstat (limited to 'xlators/features/locks/src/posix.c')
-rw-r--r--xlators/features/locks/src/posix.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/xlators/features/locks/src/posix.c b/xlators/features/locks/src/posix.c
index 44766fbf09b..f47c42f3ff2 100644
--- a/xlators/features/locks/src/posix.c
+++ b/xlators/features/locks/src/posix.c
@@ -3265,7 +3265,7 @@ __dump_entrylks (pl_inode_t *pl_inode)
blocked, granted);
}
- gf_proc_dump_write(key, tmp);
+ gf_proc_dump_write(key, "%s", tmp);
count++;
}
@@ -3286,7 +3286,7 @@ __dump_entrylks (pl_inode_t *pl_inode)
lkowner_utoa (&lock->owner), lock->client,
lock->connection_id, blocked);
- gf_proc_dump_write(key, tmp);
+ gf_proc_dump_write(key, "%s", tmp);
count++;
}
@@ -3337,7 +3337,7 @@ __dump_inodelks (pl_inode_t *pl_inode)
&lock->granted_time.tv_sec,
&lock->blkd_time.tv_sec,
_gf_true);
- gf_proc_dump_write(key, tmp);
+ gf_proc_dump_write(key, "%s", tmp);
count++;
}
@@ -3353,7 +3353,7 @@ __dump_inodelks (pl_inode_t *pl_inode)
lock->client, lock->connection_id,
0, &lock->blkd_time.tv_sec,
_gf_false);
- gf_proc_dump_write(key, tmp);
+ gf_proc_dump_write(key, "%s", tmp);
count++;
}
@@ -3394,7 +3394,7 @@ __dump_posixlks (pl_inode_t *pl_inode)
&lock->owner, lock->client, NULL,
&lock->granted_time.tv_sec, &lock->blkd_time.tv_sec,
(lock->blocked)? _gf_false: _gf_true);
- gf_proc_dump_write(key, tmp);
+ gf_proc_dump_write(key, "%s", tmp);
count++;
}