From e3ec41af9a9f4d906dd7b512b3f4f91a6f338f4b Mon Sep 17 00:00:00 2001
From: Rinku Kothiya <rkothiya@redhat.com>
Date: Mon, 17 Dec 2018 19:55:20 +0530
Subject: rdma: fix possible buffer overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

used snprintf instead of sprintf and if the source string is bigger
than destination then logged a warning message.

clang warning: ‘%s’ directive writing up to 1024 bytes into a region
of size 108.

updates: bz#1622665

Change-Id: Ia5e7c53d35d8178dd2c75708698599fe8bded5de
Signed-off-by: Rinku Kothiya <rkothiya@redhat.com>
---
 rpc/rpc-transport/rdma/src/rdma.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'rpc/rpc-transport')

diff --git a/rpc/rpc-transport/rdma/src/rdma.c b/rpc/rpc-transport/rdma/src/rdma.c
index ac984c16924..edf4e13bd48 100644
--- a/rpc/rpc-transport/rdma/src/rdma.c
+++ b/rpc/rpc-transport/rdma/src/rdma.c
@@ -4489,7 +4489,12 @@ gf_rdma_listen(rpc_transport_t *this)
         goto err;
     }
 
-    sprintf(this->myinfo.identifier, "%s:%s", host, service);
+    if (snprintf(this->myinfo.identifier, UNIX_PATH_MAX, "%s:%s", host,
+                 service) >= UNIX_PATH_MAX) {
+        gf_msg(this->name, GF_LOG_WARNING, 0, RDMA_MSG_BUFFER_ERROR,
+               "host and service name too large");
+        goto err;
+    }
 
     ret = rdma_set_option(peer->cm_id, RDMA_OPTION_ID, RDMA_OPTION_ID_REUSEADDR,
                           (void *)&optval, sizeof(optval));
-- 
cgit