rdma: fix possible buffer overflow

used snprintf instead of sprintf and if the source string is bigger than destination then logged a warning message. clang warning: ‘%s’ directive writing up to 1024 bytes into a region of size 108. updates: bz#1622665 Change-Id: Ia5e7c53d35d8178dd2c75708698599fe8bded5de Signed-off-by: Rinku Kothiya <rkothiya@redhat.com>
author: Rinku Kothiya <rkothiya@redhat.com> 2018-12-17 19:55:20 +0530
committer: mohammed rafi kc <rkavunga@redhat.com> 2018-12-19 11:24:57 +0000
commit: e3ec41af9a9f4d906dd7b512b3f4f91a6f338f4b (patch)
tree: cd9090cba88c2dc5020d2cf43c874174ecddc876 /rpc/rpc-transport/rdma/src
parent: 9662504d45f3e285772f5188a7edf7ae3665cc6a (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/rpc/rpc-transport/rdma/src/rdma.c b/rpc/rpc-transport/rdma/src/rdma.c
index ac984c16924..edf4e13bd48 100644
--- a/rpc/rpc-transport/rdma/src/rdma.c
+++ b/rpc/rpc-transport/rdma/src/rdma.c
@@ -4489,7 +4489,12 @@ gf_rdma_listen(rpc_transport_t *this)
         goto err;
     }
 
-    sprintf(this->myinfo.identifier, "%s:%s", host, service);
+    if (snprintf(this->myinfo.identifier, UNIX_PATH_MAX, "%s:%s", host,
+                 service) >= UNIX_PATH_MAX) {
+        gf_msg(this->name, GF_LOG_WARNING, 0, RDMA_MSG_BUFFER_ERROR,
+               "host and service name too large");
+        goto err;
+    }
 
     ret = rdma_set_option(peer->cm_id, RDMA_OPTION_ID, RDMA_OPTION_ID_REUSEADDR,
                           (void *)&optval, sizeof(optval));
author	Rinku Kothiya <rkothiya@redhat.com>	2018-12-17 19:55:20 +0530
committer	mohammed rafi kc <rkavunga@redhat.com>	2018-12-19 11:24:57 +0000
commit	e3ec41af9a9f4d906dd7b512b3f4f91a6f338f4b (patch)
tree	cd9090cba88c2dc5020d2cf43c874174ecddc876 /rpc/rpc-transport/rdma/src
parent	9662504d45f3e285772f5188a7edf7ae3665cc6a (diff)