all: fix the format string exceptions

Currently, there are possibilities in few places, where a user-controlled
(like filename, program parameter etc) string can be passed as 'fmt' for
printf(), which can lead to segfault, if the user's string contains '%s',
'%d' in it.

While fixing it, makes sense to make the explicit check for such issues
across the codebase, by making the format call properly.

Fixes: CVE-2018-14661

Fixes: bz#1644763
Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4
Signed-off-by: Amar Tumballi <amarts@redhat.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/xlators/features/barrier/src/barrier.c b/xlators/features/barrier/src/barrier.c
index edecae1a55e..1c5c5ffdc22 100644
--- a/xlators/features/barrier/src/barrier.c
+++ b/xlators/features/barrier/src/barrier.c
@@ -721,7 +721,7 @@ __barrier_dump_queue(barrier_priv_t *priv)
     list_for_each_entry(stub, &priv->queue, list)
     {
         snprintf(key, sizeof(key), "stub.%d", i++);
-        gf_proc_dump_add_section(key);
+        gf_proc_dump_add_section("%s", key);
         barrier_dump_stub(stub, key);
     }
 
@@ -745,7 +745,7 @@ barrier_dump_priv(xlator_t *this)
         return 0;
 
     gf_proc_dump_build_key(key, "xlator.features.barrier", "priv");
-    gf_proc_dump_add_section(key);
+    gf_proc_dump_add_section("%s", key);
 
     LOCK(&priv->lock);
     {