all: fix the format string exceptions

Currently, there are possibilities in few places, where a user-controlled
(like filename, program parameter etc) string can be passed as 'fmt' for
printf(), which can lead to segfault, if the user's string contains '%s',
'%d' in it.

While fixing it, makes sense to make the explicit check for such issues
across the codebase, by making the format call properly.

Fixes: CVE-2018-14661

Fixes: bz#1644763
Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4
Signed-off-by: Amar Tumballi <amarts@redhat.com>

1 files changed, 3 insertions, 3 deletions

diff --git a/xlators/storage/posix/src/posix-common.c b/xlators/storage/posix/src/posix-common.c
index 03cb532e2c5..3642d475cb5 100644
--- a/xlators/storage/posix/src/posix-common.c
+++ b/xlators/storage/posix/src/posix-common.c
@@ -112,7 +112,7 @@ posix_priv(xlator_t *this)
 
     (void)snprintf(key_prefix, GF_DUMP_MAX_BUF_LEN, "%s.%s", this->type,
                    this->name);
-    gf_proc_dump_add_section(key_prefix);
+    gf_proc_dump_add_section("%s", key_prefix);
 
     if (!this)
         return 0;
@@ -124,8 +124,8 @@ posix_priv(xlator_t *this)
 
     gf_proc_dump_write("base_path", "%s", priv->base_path);
     gf_proc_dump_write("base_path_length", "%d", priv->base_path_length);
-    gf_proc_dump_write("max_read", "%d", priv->read_value);
-    gf_proc_dump_write("max_write", "%d", priv->write_value);
+    gf_proc_dump_write("max_read", "%" PRId64, priv->read_value);
+    gf_proc_dump_write("max_write", "%" PRId64, priv->write_value);
     gf_proc_dump_write("nr_files", "%ld", priv->nr_files);
 
     return 0;