all: fix the format string exceptions

Currently, there are possibilities in few places, where a user-controlled
(like filename, program parameter etc) string can be passed as 'fmt' for
printf(), which can lead to segfault, if the user's string contains '%s',
'%d' in it.

While fixing it, makes sense to make the explicit check for such issues
across the codebase, by making the format call properly.

Fixes: CVE-2018-14661

Fixes: bz#1647666
Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4
Signed-off-by: Amar Tumballi <amarts@redhat.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/libglusterfs/src/inode.c b/libglusterfs/src/inode.c
index ee85c0e793c..089aa6f9b21 100644
--- a/libglusterfs/src/inode.c
+++ b/libglusterfs/src/inode.c
@@ -31,7 +31,7 @@
         {                                                                      \
             gf_proc_dump_build_key(key_buf, key_prefix, "%s.%d", list_type,    \
                                    i++);                                       \
-            gf_proc_dump_add_section(key_buf);                                 \
+            gf_proc_dump_add_section("%s", key_buf);                           \
             inode_dump(inode, key);                                            \
         }                                                                      \
     }
@@ -2355,7 +2355,7 @@ inode_table_dump(inode_table_t *itable, char *prefix)
     }
 
     gf_proc_dump_build_key(key, prefix, "hashsize");
-    gf_proc_dump_write(key, "%d", itable->hashsize);
+    gf_proc_dump_write(key, "%" GF_PRI_SIZET, itable->hashsize);
     gf_proc_dump_build_key(key, prefix, "name");
     gf_proc_dump_write(key, "%s", itable->name);