
[Cluster-devel] [PATCH 14/41] cman_tool: fix a few possible buffer overflow



Spotted by Coverity Scan

Signed-off-by: Fabio M. Di Nitto <fdinitto redhat com>
---
:100644 100644 a1c1c14... 44c8d69... M	cman/cman_tool/join.c
:100644 100644 0e8876a... b0a2116... M	cman/cman_tool/main.c
 cman/cman_tool/join.c |    5 +++--
 cman/cman_tool/main.c |    6 +++---
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/cman/cman_tool/join.c b/cman/cman_tool/join.c
index a1c1c14..44c8d69 100644
--- a/cman/cman_tool/join.c
+++ b/cman/cman_tool/join.c
@@ -94,7 +94,7 @@ static const char *corosync_exit_reason(signed char status)
 		return "Another Corosync instance is already running";
 		break;
 	default:
-		sprintf(reason, "Error, reason code is %d", status);
+		snprintf(reason, sizeof(reason) - 1, "Error, reason code is %d", status);
 		return reason;
 		break;
 	}
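Review bot: The `- 1` in `snprintf(reason, sizeof(reason) - 1, ...)` is unnecessary, because snprintf's size argument already includes the terminating NUL and the output is always terminated when the size is non-zero. `snprintf(reason, sizeof(reason), "Error, reason code is %d", status);` uses the whole buffer. The same applies to `snprintf(buf, buflen - 1, ...)` in the membership_state hunk of main.c, where `buflen` is an `int`: a caller passing 0 would turn the bound into a very large size_t, which passing `buflen` unchanged avoids. The declaration of `reason` is outside this hunk, so the bound is only right if it is an array; for a pointer, `sizeof` would give the pointer size.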
@@ -287,7 +287,8 @@ int join(commandline_t *comline)
 		/* Did we get a cman-reported error? */
 		if (status == 1) {
 			int len;
-			if ((len = read(p[0], message, sizeof(message)) > 0)) {
+			if ((len = read(p[0], message, sizeof(message) - 1) > 0)) {
+				message[sizeof(message) - 1] = '\0';
 
 				/* Forked OK - get the real corosync pid */
 				if ((messageptr) && (sscanf(messageptr, "FORKED: %d", &corosync_pid) == 1)) {
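Review bot: `len` still receives the result of the comparison (0 or 1) rather than the byte count, because `>` binds tighter than `=` in `(len = read(...) > 0)`. The added terminator is also written at the last byte of `message`, not at the end of the data actually read. Unless `message` is zeroed before this point (its declaration is outside the hunk), the bytes between the end of the read and `sizeof(message) - 1` are indeterminate when the buffer is parsed below, presumably through `messageptr`. Move the parenthesis and terminate at the read length: `if ((len = read(p[0], message, sizeof(message) - 1)) > 0) {` followed by `message[len] = '\0';`.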
diff --git a/cman/cman_tool/main.c b/cman/cman_tool/main.c
index 0e8876a..b0a2116 100644
--- a/cman/cman_tool/main.c
+++ b/cman/cman_tool/main.c
@@ -188,7 +188,7 @@ static char *membership_state(char *buf, int buflen, int node_state)
 		strncpy(buf, "Leaving", buflen);
 		break;
 	default:
-		sprintf(buf, "Unknown: code=%d", node_state);
+		snprintf(buf, buflen - 1, "Unknown: code=%d", node_state);
 		break;
 	}
 
@@ -414,7 +414,7 @@ static void print_node(commandline_t *comline, cman_handle_t h, int *format, str
 	if (node->cn_jointime.tv_sec && node->cn_member)
 		strftime(jstring, sizeof(jstring), "%F %H:%M:%S", jtime);
 	else
-		strcpy(jstring, "                   ");
+		strncpy(jstring, "                   ", sizeof(jstring));
 
 	if (!comline->format_opts) {
 		printf("%4u   %c  %5d   %s  %s\n",
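Review bot: `strncpy(jstring, ..., sizeof(jstring))` writes no terminating NUL when the source is at least as long as the size given, and `jstring` is then passed to `printf` with `%s`. If `jstring` (declared outside the hunk) is no larger than the padding literal, the overflowing write becomes an over-read at print time. Adding `jstring[sizeof(jstring) - 1] = '\0';` after the if/else guarantees termination on both branches, including the case where `strftime` returns 0 and leaves the buffer contents unspecified.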
@@ -1018,7 +1018,7 @@ static void decode_arguments(int argc, char *argv[], commandline_t *comline)
 			if (strlen(optarg) > MAX_NODE_NAME_LEN-1)
 				die("maximum cluster name length is %d",
 				    MAX_CLUSTER_NAME_LEN-1);
-			strcpy(comline->clustername, optarg);
+			strncpy(comline->clustername, optarg, sizeof(comline->clustername) - 1);
 			comline->clustername_opt = TRUE;
 			break;
 
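Review bot: The length guard above the copy compares against `MAX_NODE_NAME_LEN-1`, while the error message and the destination concern the cluster name, so the bound that is checked may not match the buffer that is written. When the two differ, the new `strncpy` truncates silently instead of reporting the over-long name. `strncpy` with `sizeof(...) - 1` also never writes the last byte, so termination depends on `comline` having been zeroed earlier, which is not visible here. Suggest `if (strlen(optarg) > sizeof(comline->clustername) - 1)` for the guard and `comline->clustername[sizeof(comline->clustername) - 1] = '\0';` after the copy. decode_arguments starts and ends outside the hunk.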
-- 
1.7.4.4

