From 74e8328d3f6901d6ba38a313965fe910c8411324 Mon Sep 17 00:00:00 2001
From: Amar Tumballi <amarts@redhat.com>
Date: Thu, 1 Nov 2018 07:25:25 +0530
Subject: all: fix the format string exceptions

Currently, there are possibilities in few places, where a user-controlled
(like filename, program parameter etc) string can be passed as 'fmt' for
printf(), which can lead to segfault, if the user's string contains '%s',
'%d' in it.

While fixing it, makes sense to make the explicit check for such issues
across the codebase, by making the format call properly.

Fixes: CVE-2018-14661

Fixes: bz#1644763
Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4
Signed-off-by: Amar Tumballi <amarts@redhat.com>
---
 rpc/rpc-lib/src/rpc-drc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'rpc/rpc-lib')

diff --git a/rpc/rpc-lib/src/rpc-drc.c b/rpc/rpc-lib/src/rpc-drc.c
index ff983b23fb4..50013776c86 100644
--- a/rpc/rpc-lib/src/rpc-drc.c
+++ b/rpc/rpc-lib/src/rpc-drc.c
@@ -564,10 +564,10 @@ rpcsvc_drc_priv(rpcsvc_drc_globals_t *drc)
     gf_proc_dump_write(key, "%d", drc->lru_factor);
 
     gf_proc_dump_build_key(key, "drc", "duplicate_request_count");
-    gf_proc_dump_write(key, "%d", drc->cache_hits);
+    gf_proc_dump_write(key, "%" PRIu64, drc->cache_hits);
 
     gf_proc_dump_build_key(key, "drc", "in_transit_duplicate_requests");
-    gf_proc_dump_write(key, "%d", drc->intransit_hits);
+    gf_proc_dump_write(key, "%" PRIu64, drc->intransit_hits);
 
     list_for_each_entry(client, &drc->clients_head, client_list)
     {
-- 
cgit