diff options
| author | Sunny Kumar <sunkumar@redhat.com> | 2018-09-17 16:56:48 +0530 |
|---|---|---|
| committer | Atin Mukherjee <amukherj@redhat.com> | 2018-09-20 03:02:07 +0000 |
| commit | b4eedcb4e432d2c2a5411e6cba1dedafba8e3c50 (patch) | |
| tree | 284180fc5d9dbc28e09b9c132946a380e20914a9 /xlators/mgmt/glusterd/src/glusterd-geo-rep.c | |
| parent | 0a92d5be1c783d6ff0acaab016d8a1d9477b7cbf (diff) | |
geo-rep : fix coverity issues in glusterd-geo-rep.c
This patch fixes CID 1210979, 1214614, 1292650, 1357874, 1382404.
1. overflowed or a truncated value : call to sys_read has been reduced
to 'sizeof(buf) -1' and after operation buf is properly terminated.
2. tainted_data_argument : truncation due to cast operation on operand :
resulted form call to strtol: chaged data type from pid_t to long.
3. tainted_data_argument : call to fgets is reduced by 2 to make space
for the '\n' and '\0'.
updates: bz#789278
Change-Id: Ib883501205c85007771213071c8e182286eb0bc0
Signed-off-by: Sunny Kumar <sunkumar@redhat.com>
Diffstat (limited to 'xlators/mgmt/glusterd/src/glusterd-geo-rep.c')
| -rw-r--r-- | xlators/mgmt/glusterd/src/glusterd-geo-rep.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-geo-rep.c b/xlators/mgmt/glusterd/src/glusterd-geo-rep.c index 948655bf815..c8a4be2cdea 100644 --- a/xlators/mgmt/glusterd/src/glusterd-geo-rep.c +++ b/xlators/mgmt/glusterd/src/glusterd-geo-rep.c @@ -745,7 +745,7 @@ _fcbk_conftodict(char *resbuf, size_t blen, FILE *fp, void *data) for (;;) { errno = 0; - ptr = fgets(resbuf, blen, fp); + ptr = fgets(resbuf, blen - 2, fp); if (!ptr) break; v = resbuf + strlen(resbuf) - 1; @@ -808,7 +808,7 @@ _fcbk_statustostruct(char *resbuf, size_t blen, FILE *fp, void *data) for (;;) { errno = 0; - ptr = fgets(resbuf, blen, fp); + ptr = fgets(resbuf, blen - 2, fp); if (!ptr) break; @@ -3914,7 +3914,7 @@ gd_pause_or_resume_gsync(dict_t *dict, char *master, char *slave, { int32_t ret = 0; int pfd = -1; - pid_t pid = 0; + long pid = 0; char pidfile[PATH_MAX] = { 0, }; @@ -3979,8 +3979,9 @@ gd_pause_or_resume_gsync(dict_t *dict, char *master, char *slave, goto out; } - ret = sys_read(pfd, buf, sizeof(buf)); + ret = sys_read(pfd, buf, sizeof(buf) - 1); if (ret > 0) { + buf[ret] = '\0'; pid = strtol(buf, NULL, 10); if (is_pause) { ret = kill(-pid, SIGSTOP); @@ -4072,7 +4073,7 @@ stop_gsync(char *master, char *slave, char **msg, char *conf_path, { int32_t ret = 0; int pfd = -1; - pid_t pid = 0; + long pid = 0; char pidfile[PATH_MAX] = { 0, }; @@ -4111,8 +4112,9 @@ stop_gsync(char *master, char *slave, char **msg, char *conf_path, if (pfd < 0) goto out; - ret = sys_read(pfd, buf, sizeof(buf)); + ret = sys_read(pfd, buf, sizeof(buf) - 1); if (ret > 0) { + buf[ret] = '\0'; pid = strtol(buf, NULL, 10); ret = kill(-pid, SIGTERM); if (ret && !is_force) { @@ -5479,8 +5481,9 @@ glusterd_op_copy_file(dict_t *dict, char **op_errstr) } do { - ret = sys_read(fd, buf, sizeof(buf)); + ret = sys_read(fd, buf, sizeof(buf) - 1); if (ret > 0) { + buf[ret] = '\0'; memcpy(contents + bytes_read, buf, ret); bytes_read += ret; } |