FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Cluster Development
Reload this Page cman: fix several virtually impossible buffer overflows

 
 
LinkBack Thread Tools
 
Old 11-23-2011, 09:15 AM
"Fabio M. Di Nitto"
 
Default cman: fix several virtually impossible buffer overflows
Spotted by Coverity Scan

Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
---
:100644 100644 6b5640a... ea5020c... M cman/daemon/ais.c
:100644 100644 37283ba... c356abe... M cman/daemon/barrier.c
:100644 100644 d632c17... baf94df... M cman/daemon/cman-preconfig.c
:100644 100644 d3009d0... 7eb52e4... M cman/daemon/cmanconfig.c
:100644 100644 6b61332... f397234... M cman/daemon/commands.c
cman/daemon/ais.c | 2 +-
cman/daemon/barrier.c | 6 +-
cman/daemon/cman-preconfig.c | 114 +++++++++++++++++++++---------------------
cman/daemon/cmanconfig.c | 2 +-
cman/daemon/commands.c | 18 +++---
5 files changed, 71 insertions(+), 71 deletions(-)

diff --git a/cman/daemon/ais.c b/cman/daemon/ais.c
index 6b5640a..ea5020c 100644
--- a/cman/daemon/ais.c
+++ b/cman/daemon/ais.c
@@ -213,7 +213,7 @@ static int cman_exec_init_fn(struct corosync_api_v1 *api)
cman_init(api);

/* Let cman_tool know we are running and our PID */
- sprintf(pipe_msg,"SUCCESS: %d", getpid());
+ snprintf(pipe_msg, sizeof(pipe_msg) - 1,"SUCCESS: %d", getpid());
write_cman_pipe(pipe_msg);
close(startup_pipe);
startup_pipe = 0;
diff --git a/cman/daemon/barrier.c b/cman/daemon/barrier.c
index 37283ba..c356abe 100644
--- a/cman/daemon/barrier.c
+++ b/cman/daemon/barrier.c
@@ -101,7 +101,7 @@ static void check_barrier_complete_phase1(struct cl_barrier *barrier)

bmsg.cmd = CLUSTER_MSG_BARRIER;
bmsg.subcmd = BARRIER_COMPLETE;
- strcpy(bmsg.name, barrier->name);
+ strncpy(bmsg.name, barrier->name, MAX_BARRIER_NAME_LEN - 1);

log_printf(LOGSYS_LEVEL_DEBUG, "barrier: Sending COMPLETE for %s
", barrier->name);
comms_send_message((char *) &bmsg, sizeof (bmsg),
@@ -160,7 +160,7 @@ static struct cl_barrier *alloc_barrier(char *name, int nodes)
}
memset(barrier, 0, sizeof (*barrier));

- strcpy(barrier->name, name);
+ strncpy(barrier->name, name, MAX_BARRIER_NAME_LEN - 1);
barrier->flags = 0;
barrier->expected_nodes = nodes;
barrier->got_nodes = 0;
@@ -268,7 +268,7 @@ static int barrier_setattr_enabled(struct cl_barrier *barrier,
/* Send it to the rest of the cluster */
bmsg.cmd = CLUSTER_MSG_BARRIER;
bmsg.subcmd = BARRIER_WAIT;
- strcpy(bmsg.name, barrier->name);
+ strncpy(bmsg.name, barrier->name, MAX_BARRIER_NAME_LEN - 1);

barrier->waitsent = 1;
barrier->phase = 1;
diff --git a/cman/daemon/cman-preconfig.c b/cman/daemon/cman-preconfig.c
index d632c17..baf94df 100644
--- a/cman/daemon/cman-preconfig.c
+++ b/cman/daemon/cman-preconfig.c
@@ -302,14 +302,14 @@ static int add_ifaddr(struct objdb_iface_ver0 *objdb, char *mcast, char *ifaddr,
/* Check the families match */
if (address_family(mcast, &mcast_addr, 0) !=
address_family(ifaddr, &if_addr, mcast_addr.ss_family)) {
- sprintf(error_reason, "Node address family does not match multicast address family");
+ snprintf(error_reason, sizeof(error_reason) - 1, "Node address family does not match multicast address family");
return -1;
}

/* Check it's not bound to localhost, sigh */
get_localhost(if_addr.ss_family, &localhost);
if (ipaddr_equal(&localhost, &if_addr)) {
- sprintf(error_reason, "Node name resolves to localhost, please check /etc/hosts and assign this node a network IP address");
+ snprintf(error_reason, sizeof(error_reason) - 1, "Node name resolves to localhost, please check /etc/hosts and assign this node a network IP address");
return -1;
}

@@ -325,7 +325,7 @@ static int add_ifaddr(struct objdb_iface_ver0 *objdb, char *mcast, char *ifaddr,
objdb->object_key_create_typed(totem_object_handle, "transport",
tx_mech_to_str[transport], strlen(tx_mech_to_str[transport]) + 1, OBJDB_VALUETYPE_STRING);
} else {
- sprintf(error_reason, "Transport should not be specified within <totem .../>, use <cman transport="..." /> instead");
+ snprintf(error_reason, sizeof(error_reason) - 1, "Transport should not be specified within <totem .../>, use <cman transport="..." /> instead");
return -1;
}
}
@@ -336,7 +336,7 @@ static int add_ifaddr(struct objdb_iface_ver0 *objdb, char *mcast, char *ifaddr,
struct sockaddr_in6 *in6= (struct sockaddr_in6 *)&if_addr;
void *addrptr;

- sprintf(tmp, "%d", num_interfaces);
+ snprintf(tmp, sizeof(tmp) - 1, "%d", num_interfaces);
objdb->object_key_create_typed(interface_object_handle , "ringnumber",
tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING);

@@ -363,19 +363,19 @@ static int add_ifaddr(struct objdb_iface_ver0 *objdb, char *mcast, char *ifaddr,
break;
}

- sprintf(tmp, "%d", port);
+ snprintf(tmp, sizeof(tmp) - 1, "%d", port);
objdb->object_key_create_typed(interface_object_handle , "mcastport",
tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING);

/* paranoia check. corosync already does it */
if ((ttl < 0) || (ttl > 255)) {
- sprintf(error_reason, "TTL value (%u) out of range (0 - 255)", ttl);
+ snprintf(error_reason, sizeof(error_reason) - 1, "TTL value (%u) out of range (0 - 255)", ttl);
return -1;
}

/* add the key to the objdb only if value is not default */
if (ttl != 1) {
- sprintf(tmp, "%d", ttl);
+ snprintf(tmp, sizeof(tmp) - 1, "%d", ttl);
objdb->object_key_create_typed(interface_object_handle , "ttl",
tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING);
}
@@ -412,7 +412,7 @@ static char *default_mcast(char *node, int altiface)
default a multicast address */
ret = getaddrinfo(node, NULL, &ahints, &ainfo);
if (ret) {
- sprintf(error_reason, "Can't determine address family of nodename %s
", node);
+ snprintf(error_reason, sizeof(error_reason) - 1, "Can't determine address family of nodename %s
", node);
write_cman_pipe("Can't determine address family of nodename");
return NULL;
}
@@ -448,13 +448,13 @@ static int verify_nodename(struct objdb_iface_ver0 *objdb, char *node)
return 0;

/* If nodename was from uname, try a domain-less version of it */
- strcpy(nodename2, node);
+ strncpy(nodename2, node, sizeof(nodename2) - 1);
dot = strchr(nodename2, '.');
if (dot) {
*dot = '';

if (nodelist_byname(objdb, cluster_parent_handle, nodename2)) {
- strcpy(node, nodename2);
+ strncpy(node, nodename2, MAX_CLUSTER_MEMBER_NAME_LEN - 1);
return 0;
}
}
@@ -466,12 +466,12 @@ static int verify_nodename(struct objdb_iface_ver0 *objdb, char *node)
int len;

if (objdb_get_string(objdb, nodes_handle, "name", &str)) {
- sprintf(error_reason, "Cannot get node name");
+ snprintf(error_reason, sizeof(error_reason) - 1, "Cannot get node name");
nodes_handle = nodeslist_next(objdb, find_handle);
continue;
}

- strcpy(nodename3, str);
+ strncpy(nodename3, str, sizeof(nodename3) - 1);
dot = strchr(nodename3, '.');
if (dot)
len = dot-nodename3;
@@ -480,7 +480,7 @@ static int verify_nodename(struct objdb_iface_ver0 *objdb, char *node)

if (strlen(nodename2) == len &&
!strncmp(nodename2, nodename3, len)) {
- strcpy(node, str);
+ strncpy(node, str, sizeof(nodename) - 1);
return 0;
}
nodes_handle = nodeslist_next(objdb, find_handle);
@@ -499,7 +499,7 @@ static int verify_nodename(struct objdb_iface_ver0 *objdb, char *node)
socklen_t salen = 0;

/* Restore this */
- strcpy(nodename2, node);
+ strncpy(nodename2, node, sizeof(nodename2) - 1);
sa = ifa->ifa_addr;
if (!sa)
continue;
@@ -516,7 +516,7 @@ static int verify_nodename(struct objdb_iface_ver0 *objdb, char *node)
if (!error) {

if (nodelist_byname(objdb, cluster_parent_handle, nodename2)) {
- strcpy(node, nodename2);
+ strncpy(node, nodename2, sizeof(nodename) - 1);
goto out;
}

@@ -526,7 +526,7 @@ static int verify_nodename(struct objdb_iface_ver0 *objdb, char *node)
*dot = '';

if (nodelist_byname(objdb, cluster_parent_handle, nodename2)) {
- strcpy(node, nodename2);
+ strncpy(node, nodename2, sizeof(nodename) - 1);
goto out;
}
}
@@ -539,7 +539,7 @@ static int verify_nodename(struct objdb_iface_ver0 *objdb, char *node)
continue;

if (nodelist_byname(objdb, cluster_parent_handle, nodename2)) {
- strcpy(node, nodename2);
+ strncpy(node, nodename2, sizeof(nodename) - 1);
goto out;
}
}
@@ -626,16 +626,16 @@ static int get_nodename(struct objdb_iface_ver0 *objdb)
/* our nodename */
if (nodename_env != NULL) {
if (strlen(nodename_env) >= sizeof(nodename)) {
- sprintf(error_reason, "Overridden node name %s is too long", nodename);
+ snprintf(error_reason, sizeof(error_reason) - 1, "Overridden node name %s is too long", nodename);
write_cman_pipe("Overridden node name is too long");
error = -1;
goto out;
}

- strcpy(nodename, nodename_env);
+ strncpy(nodename, nodename_env, sizeof(nodename) - 1);

if (!(node_object_handle = nodelist_byname(objdb, cluster_parent_handle, nodename))) {
- sprintf(error_reason, "Overridden node name %s is not in CCS", nodename);
+ snprintf(error_reason, sizeof(error_reason) - 1, "Overridden node name %s is not in CCS", nodename);
write_cman_pipe("Overridden node name is not in CCS");
error = -1;
goto out;
@@ -646,20 +646,20 @@ static int get_nodename(struct objdb_iface_ver0 *objdb)

error = uname(&utsname);
if (error) {
- sprintf(error_reason, "cannot get node name, uname failed");
+ snprintf(error_reason, sizeof(error_reason) - 1, "cannot get node name, uname failed");
write_cman_pipe("Can't determine local node name, uname failed");
error = -1;
goto out;
}

if (strlen(utsname.nodename) >= sizeof(nodename)) {
- sprintf(error_reason, "node name from uname is too long");
+ snprintf(error_reason, sizeof(error_reason) - 1, "node name from uname is too long");
write_cman_pipe("local node name is too long");
error = -1;
goto out;
}

- strcpy(nodename, utsname.nodename);
+ strncpy(nodename, utsname.nodename, sizeof(nodename) - 1);
}
if (verify_nodename(objdb, nodename)) {
write_cman_pipe("Cannot find node name in cluster.conf");
@@ -671,7 +671,7 @@ static int get_nodename(struct objdb_iface_ver0 *objdb)
/* Add <cman> bits to pass down to the main module*/
if ( (node_object_handle = nodelist_byname(objdb, cluster_parent_handle, nodename))) {
if (objdb_get_string(objdb, node_object_handle, "nodeid", &nodeid_str)) {
- sprintf(error_reason, "This node has no nodeid in cluster.conf");
+ snprintf(error_reason, sizeof(error_reason) - 1, "This node has no nodeid in cluster.conf");
write_cman_pipe("This node has no nodeid in cluster.conf");
return -1;
}
@@ -711,7 +711,7 @@ static int get_nodename(struct objdb_iface_ver0 *objdb)
objdb->object_find_destroy(find_handle);

if (!nodeid_str) {
- sprintf(error_reason, "This node has no nodeid in cluster.conf");
+ snprintf(error_reason, sizeof(error_reason) - 1, "This node has no nodeid in cluster.conf");
write_cman_pipe("This node has no nodeid in cluster.conf");
return -1;
}
@@ -746,7 +746,7 @@ static int get_nodename(struct objdb_iface_ver0 *objdb)
if (transport != TX_MECH_UDPB) {
transport = TX_MECH_UDPU;
} else {
- sprintf(error_reason, "Transport and broadcast option are mutually exclusive");
+ snprintf(error_reason, sizeof(error_reason) - 1, "Transport and broadcast option are mutually exclusive");
write_cman_pipe("Transport and broadcast option are mutually exclusive");
return -1;
}
@@ -754,12 +754,12 @@ static int get_nodename(struct objdb_iface_ver0 *objdb)
if (transport != TX_MECH_UDPB) {
transport = TX_MECH_RDMA;
} else {
- sprintf(error_reason, "Transport and broadcast option are mutually exclusive");
+ snprintf(error_reason, sizeof(error_reason) - 1, "Transport and broadcast option are mutually exclusive");
write_cman_pipe("Transport and broadcast option are mutually exclusive");
return -1;
}
} else {
- sprintf(error_reason, "Transport option value can be one of udp, udpb, udpu, rdma");
+ snprintf(error_reason, sizeof(error_reason) - 1, "Transport option value can be one of udp, udpb, udpu, rdma");
write_cman_pipe("Transport option value can be one of udp, udpb, udpu, rdma");
return -1;
}
@@ -931,7 +931,7 @@ static void add_cman_overrides(struct objdb_iface_ver0 *objdb)
objdb->object_key_create_typed(object_handle, "version",
"2", 2, OBJDB_VALUETYPE_STRING);

- sprintf(tmp, "%d", nodeid);
+ snprintf(tmp, sizeof(tmp) - 1, "%d", nodeid);
objdb->object_key_create_typed(object_handle, "nodeid",
tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING);

@@ -941,7 +941,7 @@ static void add_cman_overrides(struct objdb_iface_ver0 *objdb)
/* Set the token timeout is 10 seconds, but don't overrride anything that
might be in cluster.conf */
if (objdb_get_string(objdb, object_handle, "token", &value)) {
- snprintf(tmp, sizeof(tmp), "%d", DEFAULT_TOKEN_TIMEOUT);
+ snprintf(tmp, sizeof(tmp) - 1, "%d", DEFAULT_TOKEN_TIMEOUT);
objdb->object_key_create_typed(object_handle, "token",
tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING);
}
@@ -976,7 +976,7 @@ static void add_cman_overrides(struct objdb_iface_ver0 *objdb)
if (objdb_get_string(objdb, object_handle, "consensus", &value)) {
unsigned int token=0;
unsigned int consensus;
- char calc_consensus[32];
+ char calc_consensus[64];

objdb_get_int(objdb, object_handle, "token", &token, DEFAULT_TOKEN_TIMEOUT);

@@ -990,7 +990,7 @@ static void add_cman_overrides(struct objdb_iface_ver0 *objdb)
consensus = 2000;
}

- snprintf(calc_consensus, sizeof(calc_consensus), "%d", consensus);
+ snprintf(calc_consensus, sizeof(calc_consensus) - 1, "%d", consensus);
objdb->object_key_create_typed(object_handle, "consensus",
calc_consensus, strlen(calc_consensus)+1, OBJDB_VALUETYPE_STRING);
}
@@ -1015,7 +1015,7 @@ static void add_cman_overrides(struct objdb_iface_ver0 *objdb)
}

if (objdb_get_string(objdb, object_handle, "secauth", &value)) {
- sprintf(tmp, "%d", 1);
+ snprintf(tmp, sizeof(tmp) - 1, "%d", 1);
objdb->object_key_create_typed(object_handle, "secauth",
tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING);
}
@@ -1067,13 +1067,13 @@ static void add_cman_overrides(struct objdb_iface_ver0 *objdb)
{
char str[255];

- sprintf(str, "%d", cluster_id);
+ snprintf(str, sizeof(str) - 1, "%d", cluster_id);

objdb->object_key_create_typed(object_handle, "cluster_id",
str, strlen(str) + 1, OBJDB_VALUETYPE_STRING);

if (two_node) {
- sprintf(str, "%d", 1);
+ snprintf(str, sizeof(str) - 1, "%d", 1);
objdb->object_key_create_typed(object_handle, "two_node",
str, strlen(str) + 1, OBJDB_VALUETYPE_STRING);
}
@@ -1118,7 +1118,7 @@ static int set_noccs_defaults(struct objdb_iface_ver0 *objdb)
/* Enforce key */
key_filename = strdup(NOCCS_KEY_FILENAME);
if (!key_filename) {
- sprintf(error_reason, "cannot allocate memory for key file name");
+ snprintf(error_reason, sizeof(error_reason) - 1, "cannot allocate memory for key file name");
write_cman_pipe("cannot allocate memory for key file name");
return -1;
}
@@ -1127,7 +1127,7 @@ static int set_noccs_defaults(struct objdb_iface_ver0 *objdb)
cluster_name = strdup(DEFAULT_CLUSTER_NAME);

if (!cluster_name) {
- sprintf(error_reason, "cannot allocate memory for cluster_name");
+ snprintf(error_reason, sizeof(error_reason) - 1, "cannot allocate memory for cluster_name");
write_cman_pipe("cannot allocate memory for cluster_name");
return -1;
}
@@ -1138,7 +1138,7 @@ static int set_noccs_defaults(struct objdb_iface_ver0 *objdb)
else
cluster_id = generate_cluster_id(cluster_name);

- sprintf(error_reason, "Generated cluster id for '%s' is %d
", cluster_name, cluster_id);
+ snprintf(error_reason, sizeof(error_reason) - 1, "Generated cluster id for '%s' is %d
", cluster_name, cluster_id);
}

if (!nodename_env) {
@@ -1147,14 +1147,14 @@ static int set_noccs_defaults(struct objdb_iface_ver0 *objdb)

error = uname(&utsname);
if (error) {
- sprintf(error_reason, "cannot get node name, uname failed");
+ snprintf(error_reason, sizeof(error_reason) - 1, "cannot get node name, uname failed");
write_cman_pipe("Can't determine local node name");
return -1;
}

nodename_env = (char *)&utsname.nodename;
}
- strcpy(nodename, nodename_env);
+ strncpy(nodename, nodename_env, sizeof(nodename) - 1);
num_nodenames = 1;

if (!mcast_name) {
@@ -1179,7 +1179,7 @@ static int set_noccs_defaults(struct objdb_iface_ver0 *objdb)
memset(&ahints, 0, sizeof(ahints));
ret = getaddrinfo(nodename, NULL, &ahints, &ainfo);
if (ret) {
- sprintf(error_reason, "Can't determine address family of nodename %s
", nodename);
+ snprintf(error_reason, sizeof(error_reason) - 1, "Can't determine address family of nodename %s
", nodename);
write_cman_pipe("Can't determine address family of nodename");
return -1;
}
@@ -1203,11 +1203,11 @@ static int set_noccs_defaults(struct objdb_iface_ver0 *objdb)
objdb->object_key_create_typed(object_handle, "name",
nodename, strlen(nodename)+1, OBJDB_VALUETYPE_STRING);

- sprintf(tmp, "%d", votes);
+ snprintf(tmp, sizeof(tmp) - 1, "%d", votes);
objdb->object_key_create_typed(object_handle, "votes",
tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING);

- sprintf(tmp, "%d", nodeid);
+ snprintf(tmp, sizeof(tmp) - 1, "%d", nodeid);
objdb->object_key_create_typed(object_handle, "nodeid",
tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING);

@@ -1222,11 +1222,11 @@ static int set_noccs_defaults(struct objdb_iface_ver0 *objdb)
objdb->object_create(cluster_parent_handle, &object_handle,
"cman", strlen("cman"));
}
- sprintf(tmp, "%d", cluster_id);
+ snprintf(tmp, sizeof(tmp) - 1, "%d", cluster_id);
objdb->object_key_create_typed(object_handle, "cluster_id",
tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING);

- sprintf(tmp, "%d", expected_votes);
+ snprintf(tmp, sizeof(tmp) - 1, "%d", expected_votes);
objdb->object_key_create_typed(object_handle, "expected_votes",
tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING);

@@ -1269,7 +1269,7 @@ static int copy_config_tree(struct objdb_iface_ver0 *objdb, hdb_handle_t source_
/* Create sub-objects */
res = objdb->object_find_create(source_object, NULL, 0, &find_handle);
if (res) {
- sprintf(error_reason, "error resetting object iterator for object %ud: %d
", (unsigned int)source_object, res);
+ snprintf(error_reason, sizeof(error_reason) - 1, "error resetting object iterator for object %ud: %d
", (unsigned int)source_object, res);
return -1;
}

@@ -1310,13 +1310,13 @@ static int get_cman_globals(struct objdb_iface_ver0 *objdb)

objdb_get_string(objdb, cluster_parent_handle, "name", &cluster_name);
if (!cluster_name) {
- sprintf(error_reason, "Unable to determine cluster name.
");
+ snprintf(error_reason, sizeof(error_reason) - 1, "Unable to determine cluster name.
");
write_cman_pipe("Unable to determine cluster name.
");
return -1;
}

if (strlen(cluster_name) > 15) {
- sprintf(error_reason, "%s
", "Invalid cluster name. It must be 15 characters or fewer
");
+ snprintf(error_reason, sizeof(error_reason) - 1, "Invalid cluster name. It must be 15 characters or fewer

");
write_cman_pipe("Invalid cluster name. It must be 15 characters or fewer
");
return -1;
}
@@ -1345,7 +1345,7 @@ static int get_cman_globals(struct objdb_iface_ver0 *objdb)
else
cluster_id = generate_cluster_id(cluster_name);

- sprintf(error_reason, "Generated cluster id for '%s' is %d
", cluster_name, cluster_id);
+ snprintf(error_reason, sizeof(error_reason) - 1, "Generated cluster id for '%s' is %d
", cluster_name, cluster_id);
}
}
objdb->object_find_destroy(find_handle);
@@ -1363,7 +1363,7 @@ static int cmanpre_reloadconfig(struct objdb_iface_ver0 *objdb, int flush, const

/* don't reload if we've been told to run configless */
if (getenv("CMAN_NOCONFIG")) {
- sprintf(error_reason, "Config not updated because we were run with cman_tool -X");
+ snprintf(error_reason, sizeof(error_reason) - 1, "Config not updated because we were run with cman_tool -X");
ret = 0;
goto err;
}
@@ -1372,12 +1372,12 @@ static int cmanpre_reloadconfig(struct objdb_iface_ver0 *objdb, int flush, const
objdb->object_find_create(OBJECT_PARENT_HANDLE, "cluster", strlen("cluster"), &find_handle);
objdb->object_find_next(find_handle, &cluster_parent_handle);
if (!cluster_parent_handle) {
- sprintf (error_reason, "%s", "Cannot find old /cluster/ key in configuration
");
+ snprintf (error_reason, sizeof(error_reason) - 1, "Cannot find old /cluster/ key in configuration
");
goto err;
}
objdb->object_find_next(find_handle, &cluster_parent_handle_new);
if (!cluster_parent_handle_new) {
- sprintf (error_reason, "%s", "Cannot find new /cluster/ key in configuration
");
+ snprintf (error_reason, sizeof(error_reason) - 1, "Cannot find new /cluster/ key in configuration
");
goto err;
}
objdb->object_find_destroy(find_handle);
@@ -1387,7 +1387,7 @@ static int cmanpre_reloadconfig(struct objdb_iface_ver0 *objdb, int flush, const
config_version = atoi(config_value);
} else {
/* it should never ever happen.. */
- sprintf (error_reason, "%s", "Cannot find old /cluster/config_version key in configuration
");
+ snprintf (error_reason, sizeof(error_reason) - 1, "Cannot find old /cluster/config_version key in configuration
");
goto err;
}
}
@@ -1399,14 +1399,14 @@ static int cmanpre_reloadconfig(struct objdb_iface_ver0 *objdb, int flush, const
config_version_new = atoi(config_value);
} else {
objdb->object_destroy(cluster_parent_handle_new);
- sprintf (error_reason, "%s", "Cannot find new /cluster/config_version key in configuration
");
+ snprintf (error_reason, sizeof(error_reason) - 1,"Cannot find new /cluster/config_version key in configuration
");
goto err;
}
}

if (config_version_new <= config_version) {
objdb->object_destroy(cluster_parent_handle_new);
- sprintf (error_reason, "%s", "New configuration version has to be newer than current running configuration
");
+ snprintf (error_reason, sizeof(error_reason) - 1, "New configuration version has to be newer than current running configuration
");
goto err;
}

@@ -1600,11 +1600,11 @@ static int cmanpre_readconfig(struct objdb_iface_ver0 *objdb, const char **error


if (!ret) {
- sprintf (error_reason, "%s", "Successfully parsed cman config
");
+ snprintf(error_reason, sizeof(error_reason) - 1, "Successfully parsed cman config
");
}
else {
if (error_reason[0] == '')
- sprintf (error_reason, "%s", "Error parsing cman config
");
+ snprintf(error_reason, sizeof(error_reason) - 1, "Error parsing cman config
");
}
*error_string = error_reason;

diff --git a/cman/daemon/cmanconfig.c b/cman/daemon/cmanconfig.c
index d3009d0..7eb52e4 100644
--- a/cman/daemon/cmanconfig.c
+++ b/cman/daemon/cmanconfig.c
@@ -175,7 +175,7 @@ static int get_cman_join_info(struct corosync_api_v1 *corosync)
goto out;
}

- strcpy(cluster_name, cname);
+ strncpy(cluster_name, cname, sizeof(cluster_name) - 1);

expected_votes = 0;
if (getenv("CMAN_EXPECTEDVOTES")) {
diff --git a/cman/daemon/commands.c b/cman/daemon/commands.c
index 6b61332..f397234 100644
--- a/cman/daemon/commands.c
+++ b/cman/daemon/commands.c
@@ -396,7 +396,7 @@ static void copy_to_usernode(struct cluster_node *node,
struct totem_ip_address node_ifs[INTERFACE_MAX];
/* totempg_ifaces_get always copies INTERFACE_MAX addresses */

- strcpy(unode->name, node->name);
+ strncpy(unode->name, node->name, MAX_CLUSTER_MEMBER_NAME_LEN - 1);
unode->jointime = node->join_time;
unode->size = sizeof(struct cl_cluster_node);
unode->votes = node->votes;
@@ -421,7 +421,7 @@ int cman_set_nodename(char *name)
if (ais_running)
return -EALREADY;

- strncpy(nodename, name, MAX_CLUSTER_MEMBER_NAME_LEN);
+ strncpy(nodename, name, MAX_CLUSTER_MEMBER_NAME_LEN - 1);
return 0;
}

@@ -1401,7 +1401,7 @@ static int do_cmd_update_fence_info(char *cmdbuf)
fence_msg->nodeid = f->nodeid;
fence_msg->timesec = f->fence_time;
fence_msg->fenced = 1;
- strcpy(fence_msg->agent, f->fence_agent);
+ strncpy(fence_msg->agent, f->fence_agent, MAX_FENCE_AGENT_NAME_LEN - 1);
comms_send_message(msg, sizeof(msg), 0,0, 0, 0);

log_printf(LOGSYS_LEVEL_DEBUG, "memb: node %d fenced by %s
", f->nodeid, f->fence_agent);
@@ -1428,7 +1428,7 @@ static int do_cmd_get_fence_info(char *cmdbuf, char **retbuf, int retsize, int *
f->flags = node->flags&NODE_FLAGS_FENCED;

if (node->fence_agent)
- strcpy(f->fence_agent, node->fence_agent);
+ strncpy(f->fence_agent, node->fence_agent, MAX_FENCE_AGENT_NAME_LEN - 1);
else
f->fence_agent[0] = '';
*retlen = sizeof(struct cl_fence_info);
@@ -1867,10 +1867,10 @@ void send_transition_msg(int last_memb_count, int first_trans)
msg->flags = us->flags;
msg->fence_time = us->fence_time;
msg->join_time = join_time;
- strcpy(msg->clustername, cluster_name);
+ memcpy(msg->clustername, cluster_name, MAX_CLUSTER_NAME_LEN);
if (us->fence_agent)
{
- strcpy(msg->fence_agent, us->fence_agent);
+ strncpy(msg->fence_agent, us->fence_agent, MAX_FENCE_AGENT_NAME_LEN - 1);
len += strlen(us->fence_agent)+1;
}
else
@@ -2128,7 +2128,7 @@ static void do_process_transition(int nodeid, char *data)
fence_msg->nodeid = nodeid;
fence_msg->timesec = node->fence_time;
fence_msg->fenced = 0;
- strcpy(fence_msg->agent, node->fence_agent);
+ strncpy(fence_msg->agent, node->fence_agent, MAX_FENCE_AGENT_NAME_LEN - 1);
comms_send_message(fencemsg, sizeof(fencemsg), 0,0, nodeid, 0);
}
}
@@ -2307,7 +2307,7 @@ void add_ais_node(int nodeid, uint64_t incar, int total_members)
log_printf(LOG_ERR, "Got node from AIS id %d with no config entry
", nodeid);

/* Emergency nodename */
- sprintf(tempname, "Node%d", nodeid);
+ snprintf(tempname, sizeof(tempname) - 1, "Node%d", nodeid);
node = add_new_node(tempname, nodeid, 1, total_members, NODESTATE_DEAD);
if (!node) {
log_printf(LOG_ERR, "Unable to add newnode!
");
@@ -2432,7 +2432,7 @@ static const char *killmsg_reason(int reason)
return "we rejoined the cluster without a full restart";

default:
- sprintf(msg, "we got kill message number %d", reason);
+ snprintf(msg, sizeof(msg) - 1, "we got kill message number %d", reason);
return msg;
}
}
--
1.7.4.4
 

Thread Tools




All times are GMT. The time now is 09:42 AM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org

Contact Us - Linux Archive - Archive - Top -