From a8ce48126dc57726f820e8815cff8b24911ca076 Mon Sep 17 00:00:00 2001 From: Jim Meyering Date: Mon, 9 Jul 2012 22:50:09 +0200 Subject: cli: print_brick_status: don't smash stack For bricklen > 110 (i.e., 2 * fieldlen), the if-clause would be executed 2 or more times, making strncpy write past the end of "buf", clobbering the stack. Rewrite, removing unnecessary use of strncpy, strlen and decl/use of the temporary buffer, and instead, specifying precision via a printf-style format directive. Coverity identified the static buffer overrun. Change-Id: I176386e752c397dea22265de9f3c6eb631334f4f BUG: 789278 Signed-off-by: Jim Meyering Reviewed-on: http://review.gluster.com/3646 Tested-by: Gluster Build System Reviewed-by: Anand Avati --- cli/src/cli-cmd-volume.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'cli') diff --git a/cli/src/cli-cmd-volume.c b/cli/src/cli-cmd-volume.c index 704f9dddb..c0faaa07b 100644 --- a/cli/src/cli-cmd-volume.c +++ b/cli/src/cli-cmd-volume.c @@ -1582,21 +1582,16 @@ int cli_print_brick_status (cli_volume_status_t *status) { int fieldlen = CLI_VOL_STATUS_BRICK_LEN; - char buf[80] = {0,}; int bricklen = 0; - int i = 0; char *p = NULL; int num_tabs = 0; - bricklen = strlen (status->brick); p = status->brick; + bricklen = strlen (p); while (bricklen > 0) { if (bricklen > fieldlen) { - i++; - strncpy (buf, p, min (fieldlen, (sizeof (buf)-1))); - buf[strlen(buf) + 1] = '\0'; - cli_out ("%s", buf); - p = status->brick + i * fieldlen; + cli_out ("%.*s", fieldlen, p); + p += fieldlen; bricklen -= fieldlen; } else { num_tabs = (fieldlen - bricklen) / CLI_TAB_LENGTH + 1; -- cgit