all: fix the format string exceptions

Currently, there are possibilities in few places, where a user-controlled (like filename, program parameter etc) string can be passed as 'fmt' for printf(), which can lead to segfault, if the user's string contains '%s', '%d' in it. While fixing it, makes sense to make the explicit check for such issues across the codebase, by making the format call properly. Fixes: CVE-2018-14661 Fixes: bz#1644763 Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4 Signed-off-by: Amar Tumballi <amarts@redhat.com>
author: Amar Tumballi <amarts@redhat.com> 2018-11-01 07:25:25 +0530
committer: Amar Tumballi <amarts@redhat.com> 2018-11-01 14:14:30 +0530
commit: 74dbf0a9aac4b960832029ec122685b5b5009127 (patch)
tree: 5df42e9247286da6193ac14f47e3dc9d3637b509 /xlators/performance/nl-cache/src/nl-cache.c
parent: 7fac81aeab5805fb2bd719d7489636633bb5e32a (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/xlators/performance/nl-cache/src/nl-cache.c b/xlators/performance/nl-cache/src/nl-cache.c
index efa54ee346b..02d6df55349 100644
--- a/xlators/performance/nl-cache/src/nl-cache.c
+++ b/xlators/performance/nl-cache/src/nl-cache.c
@@ -588,7 +588,7 @@ nlc_priv_dump(xlator_t *this)
     conf = this->private;
 
     snprintf(key_prefix, GF_DUMP_MAX_BUF_LEN, "%s.%s", this->type, this->name);
-    gf_proc_dump_add_section(key_prefix);
+    gf_proc_dump_add_section("%s", key_prefix);
 
     gf_proc_dump_write("negative_lookup_hit_count", "%" PRId64,
                        GF_ATOMIC_GET(conf->nlc_counter.nlc_hit));
author	Amar Tumballi <amarts@redhat.com>	2018-11-01 07:25:25 +0530
committer	Amar Tumballi <amarts@redhat.com>	2018-11-01 14:14:30 +0530
commit	74dbf0a9aac4b960832029ec122685b5b5009127 (patch)
tree	5df42e9247286da6193ac14f47e3dc9d3637b509 /xlators/performance/nl-cache/src/nl-cache.c
parent	7fac81aeab5805fb2bd719d7489636633bb5e32a (diff)