
"Fabio M. Di Nitto" 11-23-2011 09:15 AM

cman_tool: fix a few possible buffer overflow
 
Spotted by Coverity Scan

Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
---
:100644 100644 a1c1c14... 44c8d69... M cman/cman_tool/join.c
:100644 100644 0e8876a... b0a2116... M cman/cman_tool/main.c
cman/cman_tool/join.c | 5 +++--
cman/cman_tool/main.c | 6 +++---
2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/cman/cman_tool/join.c b/cman/cman_tool/join.c
index a1c1c14..44c8d69 100644
--- a/cman/cman_tool/join.c
+++ b/cman/cman_tool/join.c
@@ -94,7 +94,7 @@ static const char *corosync_exit_reason(signed char status)
return "Another Corosync instance is already running";
break;
default:
- sprintf(reason, "Error, reason code is %d", status);
+ snprintf(reason, sizeof(reason) - 1, "Error, reason code is %d", status);
return reason;
break;
}
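Review bot: The `- 1` on the size argument is unnecessary, because snprintf() takes the full size of the destination and always writes the terminator within it; `snprintf(reason, sizeof(reason), "Error, reason code is %d", status);` is sufficient, assuming `reason` is an array (its declaration is outside the hunk). The same pattern appears in membership_state() in main.c, where `buflen` is an `int` and `buflen - 1` is converted to `size_t`, so a caller passing a `buflen` of 0 would produce a very large bound instead of a small one. There, `snprintf(buf, buflen, ...)` guarded by a check that `buflen` is positive would be safer. Both functions start outside their hunks.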
@@ -287,7 +287,8 @@ int join(commandline_t *comline)
/* Did we get a cman-reported error? */
if (status == 1) {
int len;
- if ((len = read(p[0], message, sizeof(message)) > 0)) {
+ if ((len = read(p[0], message, sizeof(message) - 1) > 0)) {
+ message[sizeof(message) - 1] = '';

/* Forked OK - get the real corosync pid */
if ((messageptr) && (sscanf(messageptr, "FORKED: %d", &corosync_pid) == 1)) {
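Review bot: The terminator is written at the last byte of `message` rather than directly after the data that was read, so the bytes between the end of the read and that last byte are whatever the buffer held before, unless `message` is zeroed earlier in join() (outside the hunk). The condition also still assigns the result of the `> 0` comparison to `len` because of where the parentheses close, so `len` holds 1 or 0 rather than the byte count and cannot be used to place the terminator. Suggest `if ((len = read(p[0], message, sizeof(message) - 1)) > 0) {` followed by `message[len] = '\0';`. The character literal on the added line appears empty on this page, presumably a `'\0'` lost in rendering.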
diff --git a/cman/cman_tool/main.c b/cman/cman_tool/main.c
index 0e8876a..b0a2116 100644
--- a/cman/cman_tool/main.c
+++ b/cman/cman_tool/main.c
@@ -188,7 +188,7 @@ static char *membership_state(char *buf, int buflen, int node_state)
strncpy(buf, "Leaving", buflen);
break;
default:
- sprintf(buf, "Unknown: code=%d", node_state);
+ snprintf(buf, buflen - 1, "Unknown: code=%d", node_state);
break;
}

@@ -414,7 +414,7 @@ static void print_node(commandline_t *comline, cman_handle_t h, int *format, str
if (node->cn_jointime.tv_sec && node->cn_member)
strftime(jstring, sizeof(jstring), "%F %H:%M:%S", jtime);
else
- strcpy(jstring, " ");
+ strncpy(jstring, " ", sizeof(jstring));

if (!comline->format_opts) {
printf("%4u %c %5d %s %s
",
@@ -1018,7 +1018,7 @@ static void decode_arguments(int argc, char *argv[], commandline_t *comline)
if (strlen(optarg) > MAX_NODE_NAME_LEN-1)
die("maximum cluster name length is %d",
MAX_CLUSTER_NAME_LEN-1);
- strcpy(comline->clustername, optarg);
+ strncpy(comline->clustername, optarg, sizeof(comline->clustername) - 1);
comline->clustername_opt = TRUE;
break;

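Review bot: `strncpy` with a bound of `sizeof(comline->clustername) - 1` never writes the final byte, so the result is terminated only if `clustername` was zeroed beforehand, which this hunk does not show; add `comline->clustername[sizeof(comline->clustername) - 1] = '\0';` after the copy. The length guard just above compares against `MAX_NODE_NAME_LEN-1` while its message reports `MAX_CLUSTER_NAME_LEN-1`; if those constants differ, an over-long name may pass the check and now be silently truncated instead of rejected. Checking `strlen(optarg) > sizeof(comline->clustername) - 1` would tie the guard to the actual buffer. decode_arguments() continues outside the hunk.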
--
1.7.4.4

