all: fix the format string exceptions

Currently, there are possibilities in few places, where a user-controlled (like filename, program parameter etc) string can be passed as 'fmt' for printf(), which can lead to segfault, if the user's string contains '%s', '%d' in it. While fixing it, makes sense to make the explicit check for such issues across the codebase, by making the format call properly. Fixes: CVE-2018-14661 Fixes: bz#1644763 Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4 Signed-off-by: Amar Tumballi <amarts@redhat.com>
author: Amar Tumballi <amarts@redhat.com> 2018-11-01 07:25:25 +0530
committer: Shyamsundar Ranganathan <srangana@redhat.com> 2018-11-05 18:50:59 +0000
commit: 74e8328d3f6901d6ba38a313965fe910c8411324 (patch)
tree: 4816063d412cf9e436da301fccf165485bf22e18 /xlators/features/gfid-access/src
parent: 2effe3b0d3fa51fc627c970353de2e326bcf1ef2 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/xlators/features/gfid-access/src/gfid-access.c b/xlators/features/gfid-access/src/gfid-access.c
index 68768eebf4e..0cf7870856b 100644
--- a/xlators/features/gfid-access/src/gfid-access.c
+++ b/xlators/features/gfid-access/src/gfid-access.c
@@ -1365,7 +1365,7 @@ ga_dump_inodectx(xlator_t *this, inode_t *inode)
     if (ret == 0) {
         tmp_inode = (void *)(uintptr_t)value;
         gf_proc_dump_build_key(key_prefix, this->name, "inode");
-        gf_proc_dump_add_section(key_prefix);
+        gf_proc_dump_add_section("%s", key_prefix);
         gf_proc_dump_write("real-gfid", "%s", uuid_utoa(tmp_inode->gfid));
     }
author	Amar Tumballi <amarts@redhat.com>	2018-11-01 07:25:25 +0530
committer	Shyamsundar Ranganathan <srangana@redhat.com>	2018-11-05 18:50:59 +0000
commit	74e8328d3f6901d6ba38a313965fe910c8411324 (patch)
tree	4816063d412cf9e436da301fccf165485bf22e18 /xlators/features/gfid-access/src
parent	2effe3b0d3fa51fc627c970353de2e326bcf1ef2 (diff)