From 74e8328d3f6901d6ba38a313965fe910c8411324 Mon Sep 17 00:00:00 2001 From: Amar Tumballi Date: Thu, 1 Nov 2018 07:25:25 +0530 Subject: all: fix the format string exceptions Currently, there are possibilities in few places, where a user-controlled (like filename, program parameter etc) string can be passed as 'fmt' for printf(), which can lead to segfault, if the user's string contains '%s', '%d' in it. While fixing it, makes sense to make the explicit check for such issues across the codebase, by making the format call properly. Fixes: CVE-2018-14661 Fixes: bz#1644763 Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4 Signed-off-by: Amar Tumballi --- xlators/performance/open-behind/src/open-behind.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'xlators/performance/open-behind') diff --git a/xlators/performance/open-behind/src/open-behind.c b/xlators/performance/open-behind/src/open-behind.c index 8021fd07a2e..6164b3b046d 100644 --- a/xlators/performance/open-behind/src/open-behind.c +++ b/xlators/performance/open-behind/src/open-behind.c @@ -1130,7 +1130,7 @@ ob_priv_dump(xlator_t *this) gf_proc_dump_build_key(key_prefix, "xlator.performance.open-behind", "priv"); - gf_proc_dump_add_section(key_prefix); + gf_proc_dump_add_section("%s", key_prefix); gf_proc_dump_write("use_anonymous_fd", "%d", conf->use_anonymous_fd); @@ -1160,14 +1160,14 @@ ob_fdctx_dump(xlator_t *this, fd_t *fd) gf_proc_dump_build_key(key_prefix, "xlator.performance.open-behind", "file"); - gf_proc_dump_add_section(key_prefix); + gf_proc_dump_add_section("%s", key_prefix); gf_proc_dump_write("fd", "%p", fd); gf_proc_dump_write("open_frame", "%p", ob_fd->open_frame); if (ob_fd->open_frame) - gf_proc_dump_write("open_frame.root.unique", "%p", + gf_proc_dump_write("open_frame.root.unique", "%" PRIu64, ob_fd->open_frame->root->unique); gf_proc_dump_write("loc.path", "%s", ob_fd->loc.path); -- cgit