diff options
| author | Amar Tumballi <amarts@redhat.com> | 2018-11-01 07:25:25 +0530 |
|---|---|---|
| committer | Shyamsundar Ranganathan <srangana@redhat.com> | 2018-11-05 18:50:59 +0000 |
| commit | 74e8328d3f6901d6ba38a313965fe910c8411324 (patch) | |
| tree | 4816063d412cf9e436da301fccf165485bf22e18 /libglusterfs/src/iobuf.c | |
| parent | 2effe3b0d3fa51fc627c970353de2e326bcf1ef2 (diff) | |
all: fix the format string exceptions
Currently, there are possibilities in few places, where a user-controlled
(like filename, program parameter etc) string can be passed as 'fmt' for
printf(), which can lead to segfault, if the user's string contains '%s',
'%d' in it.
While fixing it, makes sense to make the explicit check for such issues
across the codebase, by making the format call properly.
Fixes: CVE-2018-14661
Fixes: bz#1644763
Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4
Signed-off-by: Amar Tumballi <amarts@redhat.com>
Diffstat (limited to 'libglusterfs/src/iobuf.c')
| -rw-r--r-- | libglusterfs/src/iobuf.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/libglusterfs/src/iobuf.c b/libglusterfs/src/iobuf.c index 8682420d8f8..c9e0ff35198 100644 --- a/libglusterfs/src/iobuf.c +++ b/libglusterfs/src/iobuf.c @@ -1068,7 +1068,7 @@ iobuf_info_dump(struct iobuf *iobuf, const char *key_prefix) UNLOCK(&iobuf->lock); gf_proc_dump_build_key(key, key_prefix, "ref"); - gf_proc_dump_write(key, "%d", my_iobuf.ref); + gf_proc_dump_write(key, "%" GF_PRI_ATOMIC, GF_ATOMIC_GET(my_iobuf.ref)); gf_proc_dump_build_key(key, key_prefix, "ptr"); gf_proc_dump_write(key, "%p", my_iobuf.ptr); @@ -1094,13 +1094,13 @@ iobuf_arena_info_dump(struct iobuf_arena *iobuf_arena, const char *key_prefix) gf_proc_dump_build_key(key, key_prefix, "alloc_cnt"); gf_proc_dump_write(key, "%" PRIu64, iobuf_arena->alloc_cnt); gf_proc_dump_build_key(key, key_prefix, "max_active"); - gf_proc_dump_write(key, "%" PRIu64, iobuf_arena->max_active); + gf_proc_dump_write(key, "%d", iobuf_arena->max_active); gf_proc_dump_build_key(key, key_prefix, "page_size"); - gf_proc_dump_write(key, "%" PRIu64, iobuf_arena->page_size); + gf_proc_dump_write(key, "%" GF_PRI_SIZET, iobuf_arena->page_size); list_for_each_entry(trav, &iobuf_arena->active.list, list) { gf_proc_dump_build_key(key, key_prefix, "active_iobuf.%d", i++); - gf_proc_dump_add_section(key); + gf_proc_dump_add_section("%s", key); iobuf_info_dump(trav, key); } @@ -1126,9 +1126,10 @@ iobuf_stats_dump(struct iobuf_pool *iobuf_pool) } gf_proc_dump_add_section("iobuf.global"); gf_proc_dump_write("iobuf_pool", "%p", iobuf_pool); - gf_proc_dump_write("iobuf_pool.default_page_size", "%d", + gf_proc_dump_write("iobuf_pool.default_page_size", "%" GF_PRI_SIZET, iobuf_pool->default_page_size); - gf_proc_dump_write("iobuf_pool.arena_size", "%d", iobuf_pool->arena_size); + gf_proc_dump_write("iobuf_pool.arena_size", "%" GF_PRI_SIZET, + iobuf_pool->arena_size); gf_proc_dump_write("iobuf_pool.arena_cnt", "%d", iobuf_pool->arena_cnt); gf_proc_dump_write("iobuf_pool.request_misses", "%" PRId64, iobuf_pool->request_misses); @@ -1137,21 +1138,21 @@ iobuf_stats_dump(struct iobuf_pool *iobuf_pool) list_for_each_entry(trav, &iobuf_pool->arenas[j], list) { snprintf(msg, sizeof(msg), "arena.%d", i); - gf_proc_dump_add_section(msg); + gf_proc_dump_add_section("%s", msg); iobuf_arena_info_dump(trav, msg); i++; } list_for_each_entry(trav, &iobuf_pool->purge[j], list) { snprintf(msg, sizeof(msg), "purge.%d", i); - gf_proc_dump_add_section(msg); + gf_proc_dump_add_section("%s", msg); iobuf_arena_info_dump(trav, msg); i++; } list_for_each_entry(trav, &iobuf_pool->filled[j], list) { snprintf(msg, sizeof(msg), "filled.%d", i); - gf_proc_dump_add_section(msg); + gf_proc_dump_add_section("%s", msg); iobuf_arena_info_dump(trav, msg); i++; } |