author | Amar Tumballi <amarts@redhat.com> | 2018-11-01 07:25:25 +0530 |
---|---|---|
committer | Shyamsundar Ranganathan <srangana@redhat.com> | 2018-11-05 18:50:59 +0000 |
commit | 74e8328d3f6901d6ba38a313965fe910c8411324 (patch) | |
tree | 4816063d412cf9e436da301fccf165485bf22e18 /xlators/performance/read-ahead | |
parent | 2effe3b0d3fa51fc627c970353de2e326bcf1ef2 (diff) |
all: fix the format string exceptions
Currently, in a few places, a user-controlled string (such as a filename
or a program parameter) can be passed as the 'fmt' argument of printf(),
which can lead to a segfault if the user's string contains '%s' or '%d'.
While fixing it, it makes sense to check explicitly for such issues
across the codebase, by making the format call properly.
Fixes: CVE-2018-14661
Fixes: bz#1644763
Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4
Signed-off-by: Amar Tumballi <amarts@redhat.com>
Diffstat (limited to 'xlators/performance/read-ahead')
-rw-r--r-- | xlators/performance/read-ahead/src/read-ahead.c | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/xlators/performance/read-ahead/src/read-ahead.c b/xlators/performance/read-ahead/src/read-ahead.c index 2fdb56479ab..c62bd1bb172 100644 --- a/xlators/performance/read-ahead/src/read-ahead.c +++ b/xlators/performance/read-ahead/src/read-ahead.c @@ -744,7 +744,7 @@ ra_page_dump(struct ra_page *page) gf_proc_dump_write("offset", "%" PRId64, page->offset); - gf_proc_dump_write("size", "%" PRId64, page->size); + gf_proc_dump_write("size", "%" GF_PRI_SIZET, page->size); gf_proc_dump_write("dirty", "%s", page->dirty ? "yes" : "no"); @@ -770,9 +770,6 @@ ra_fdctx_dump(xlator_t *this, fd_t *fd) int32_t ret = 0, i = 0; uint64_t tmp_file = 0; char *path = NULL; - char key[GF_DUMP_MAX_BUF_LEN] = { - 0, - }; char key_prefix[GF_DUMP_MAX_BUF_LEN] = { 0, }; @@ -787,7 +784,7 @@ ra_fdctx_dump(xlator_t *this, fd_t *fd) gf_proc_dump_build_key(key_prefix, "xlator.performance.read-ahead", "file"); - gf_proc_dump_add_section(key_prefix); + gf_proc_dump_add_section("%s", key_prefix); ret = __inode_path(fd->inode, NULL, &path); if (path != NULL) { @@ -812,8 +809,7 @@ ra_fdctx_dump(xlator_t *this, fd_t *fd) file->offset); for (page = file->pages.next; page != &file->pages; page = page->next) { - sprintf(key, "page[%d]", i); - gf_proc_dump_write(key, "%p", page[i++]); + gf_proc_dump_write("page", "%d: %p", i++, (void *)page); ra_page_dump(page); } @@ -1040,14 +1036,14 @@ ra_priv_dump(xlator_t *this) gf_proc_dump_build_key(key_prefix, "xlator.performance.read-ahead", "priv"); - gf_proc_dump_add_section(key_prefix); + gf_proc_dump_add_section("%s", key_prefix); add_section = _gf_true; ret = pthread_mutex_trylock(&conf->conf_lock); if (ret) goto out; { - gf_proc_dump_write("page_size", "%d", conf->page_size); + gf_proc_dump_write("page_size", "%" PRIu64, conf->page_size); gf_proc_dump_write("page_count", "%d", conf->page_count); gf_proc_dump_write("force_atime_update", "%d", conf->force_atime_update); 
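Review bot: The `gf_proc_dump_add_section("%s", key_prefix)` call in ra_fdctx_dump only stays fixed if the compiler checks the format argument, and the declaration of `gf_proc_dump_add_section` is outside this diff. If it is not already declared with `__attribute__((format(printf, 1, 2)))`, adding that and building with `-Werror=format-security` would make any later call that passes a runtime-built string as the format fail at compile time. The same applies to the two `gf_proc_dump_add_section("%s", key_prefix)` calls in ra_priv_dump. ra_fdctx_dump starts and ends outside this hunk.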
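Review bot: Every entry written by the page loop in ra_fdctx_dump now shares the key `page`, with the index moved into the value, so anything that matched the old `page[N]` keys in a statedump will no longer find them. Dropping the `sprintf` into `key` is reasonable, but the call deserves a comment such as `/* index is part of the value so the key stays a string literal */`. The `(void *)page` cast is the correct argument for `%p`; it does write a heap address into the dump, so the dump file's permissions (not visible here) are what keep that address from unprivileged readers. The loop's locking and the rest of the function are outside this hunk.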
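Review bot: In ra_priv_dump, `add_section` is set only after `gf_proc_dump_build_key` and `gf_proc_dump_add_section("%s", key_prefix)` have both run, so the fallback under `out:` in the following hunk appears to run only with a `key_prefix` that was never built. With the `"%s"` form that is harmless as a format string, but the section header on that error path would presumably be written from the buffer's initial contents. The declaration of `key_prefix` and the early exits are outside the hunk, so this needs confirming. If it holds, calling `gf_proc_dump_build_key(key_prefix, "xlator.performance.read-ahead", "priv");` just before the fallback `gf_proc_dump_add_section` would give that path a meaningful section name.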
@@ -1058,7 +1054,7 @@ ra_priv_dump(xlator_t *this) out: if (ret && conf) { if (add_section == _gf_false) - gf_proc_dump_add_section(key_prefix); + gf_proc_dump_add_section("%s", key_prefix); gf_proc_dump_write("Unable to dump priv", "(Lock acquisition failed) %s", this->name); |