FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Cluster Development
Reload this Page cman_tool: fix a few possible buffer overflow

 
 
LinkBack Thread Tools
 
Old 11-23-2011, 09:15 AM
"Fabio M. Di Nitto"
 
Default cman_tool: fix a few possible buffer overflow
Spotted by Coverity Scan

Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
---
:100644 100644 a1c1c14... 44c8d69... M cman/cman_tool/join.c
:100644 100644 0e8876a... b0a2116... M cman/cman_tool/main.c
cman/cman_tool/join.c | 5 +++--
cman/cman_tool/main.c | 6 +++---
2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/cman/cman_tool/join.c b/cman/cman_tool/join.c
index a1c1c14..44c8d69 100644
--- a/cman/cman_tool/join.c
+++ b/cman/cman_tool/join.c
@@ -94,7 +94,7 @@ static const char *corosync_exit_reason(signed char status)
return "Another Corosync instance is already running";
break;
default:
- sprintf(reason, "Error, reason code is %d", status);
+ snprintf(reason, sizeof(reason) - 1, "Error, reason code is %d", status);
return reason;
break;
}
@@ -287,7 +287,8 @@ int join(commandline_t *comline)
/* Did we get a cman-reported error? */
if (status == 1) {
int len;
- if ((len = read(p[0], message, sizeof(message)) > 0)) {
+ if ((len = read(p[0], message, sizeof(message) - 1) > 0)) {
+ message[sizeof(message) - 1] = '';

/* Forked OK - get the real corosync pid */
if ((messageptr) && (sscanf(messageptr, "FORKED: %d", &corosync_pid) == 1)) {
diff --git a/cman/cman_tool/main.c b/cman/cman_tool/main.c
index 0e8876a..b0a2116 100644
--- a/cman/cman_tool/main.c
+++ b/cman/cman_tool/main.c
@@ -188,7 +188,7 @@ static char *membership_state(char *buf, int buflen, int node_state)
strncpy(buf, "Leaving", buflen);
break;
default:
- sprintf(buf, "Unknown: code=%d", node_state);
+ snprintf(buf, buflen - 1, "Unknown: code=%d", node_state);
break;
}

@@ -414,7 +414,7 @@ static void print_node(commandline_t *comline, cman_handle_t h, int *format, str
if (node->cn_jointime.tv_sec && node->cn_member)
strftime(jstring, sizeof(jstring), "%F %H:%M:%S", jtime);
else
- strcpy(jstring, " ");
+ strncpy(jstring, " ", sizeof(jstring));

if (!comline->format_opts) {
printf("%4u %c %5d %s %s
",
@@ -1018,7 +1018,7 @@ static void decode_arguments(int argc, char *argv[], commandline_t *comline)
if (strlen(optarg) > MAX_NODE_NAME_LEN-1)
die("maximum cluster name length is %d",
MAX_CLUSTER_NAME_LEN-1);
- strcpy(comline->clustername, optarg);
+ strncpy(comline->clustername, optarg, sizeof(comline->clustername) - 1);
comline->clustername_opt = TRUE;
break;

--
1.7.4.4
 

Thread Tools




All times are GMT. The time now is 09:09 AM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org

Contact Us - Linux Archive - Archive - Top -