author | Amar Tumballi <amarts@redhat.com> | 2018-11-08 10:46:12 +0530 |
---|---|---|
committer | Shyamsundar Ranganathan <srangana@redhat.com> | 2018-11-09 14:04:25 +0000 |
commit | 9d9b9745c7e424f01e5526b23b1da17db263275e (patch) | |
tree | d1f0be3e68c91ea86febbecfcf2a79d381d67c66 /xlators/protocol/server/src/server-resolve.c | |
parent | 03b65fd52d3e4e3e9d4978fd30c694c51bcde3e3 (diff) |
features/locks: fix statedump string

Currently, there are possibilities in a few places, where a user-controlled
(like filename, program parameter etc) string can be passed as 'fmt' for
printf(), which can lead to segfault, if the user's string contains '%s',
'%d' in it.

Fixes: CVE-2018-14661

NOTE: this change is a focused fix for the CVE, but is just a subset of
changes in master. This is done so that we keep the changes in the
codebase to a minimum, and also as clang coding standard is implemented,
the changes wouldn't apply cleanly from master, so there is scope for
mistakes. By keeping it to a minimum, we solve CVE, and also prevent
errors.

Fixes: bz#1647668
Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4
Signed-off-by: Amar Tumballi <amarts@redhat.com>
Diffstat (limited to 'xlators/protocol/server/src/server-resolve.c')
0 files changed, 0 insertions, 0 deletions
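
The bug class named in the commit message, shown as an added example (not GlusterFS code and not taken from this commit): a string used as the printf format versus the same string passed as data to a constant `"%s"` format. The helper names `dump_write`, `count_conversions`, `dump_name_unsafe` and `dump_name_safe` are hypothetical, and the sample filename is constructed.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical printf-style dump helper (not a GlusterFS function). */
static int dump_write(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Lower bound on the arguments printf would fetch for this string. */
size_t count_conversions(const char *s)
{
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* "%%" is a literal percent sign */
        else if (s[1] != '\0')
            n++;            /* start of a conversion such as %s or %d */
    }
    return n;
}

/* Bug class from the commit message: untrusted text is the format, so
 * every conversion in it reads an argument that was never passed. */
int dump_name_unsafe(char *out, size_t len, const char *name)
{
    return dump_write(out, len, name);
}

/* Fix pattern: constant format, untrusted text travels as data. */
int dump_name_safe(char *out, size_t len, const char *name)
{
    return dump_write(out, len, "%s", name);
}

int main(void)
{
    char buf[64];
    const char *name = "report-%s-%d.log";   /* constructed sample input */
    dump_name_safe(buf, sizeof buf, name);
    printf("%zu conversions, dumped as: %s\n", count_conversions(name), buf);
}
```

Declaring such a helper with GCC's `format(printf, ...)` function attribute and building with `-Wformat-security` makes the compiler warn about calls shaped like the one in `dump_name_unsafe`.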