From 74e8328d3f6901d6ba38a313965fe910c8411324 Mon Sep 17 00:00:00 2001
From: Amar Tumballi <amarts@redhat.com>
Date: Thu, 1 Nov 2018 07:25:25 +0530
Subject: all: fix the format string exceptions

Currently, there are possibilities in few places, where a user-controlled
(like filename, program parameter etc) string can be passed as 'fmt' for
printf(), which can lead to segfault, if the user's string contains '%s',
'%d' in it.

While fixing it, makes sense to make the explicit check for such issues
across the codebase, by making the format call properly.

Fixes: CVE-2018-14661

Fixes: bz#1644763
Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4
Signed-off-by: Amar Tumballi <amarts@redhat.com>
---
 xlators/cluster/afr/src/afr-common.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'xlators/cluster/afr')

diff --git a/xlators/cluster/afr/src/afr-common.c b/xlators/cluster/afr/src/afr-common.c
index 3a62df34aef..c27159a07af 100644
--- a/xlators/cluster/afr/src/afr-common.c
+++ b/xlators/cluster/afr/src/afr-common.c
@@ -4860,7 +4860,7 @@ afr_priv_dump(xlator_t *this)
 
     GF_ASSERT(priv);
     snprintf(key_prefix, GF_DUMP_MAX_BUF_LEN, "%s.%s", this->type, this->name);
-    gf_proc_dump_add_section(key_prefix);
+    gf_proc_dump_add_section("%s", key_prefix);
     gf_proc_dump_write("child_count", "%u", priv->child_count);
     for (i = 0; i < priv->child_count; i++) {
         sprintf(key, "child_up[%d]", i);
@@ -4897,7 +4897,7 @@ afr_priv_dump(xlator_t *this)
         gf_proc_dump_write("ta_child_up", "%d", priv->ta_child_up);
         gf_proc_dump_write("ta_bad_child_index", "%d",
                            priv->ta_bad_child_index);
-        gf_proc_dump_write("ta_notify_dom_lock_offset", "%lld",
+        gf_proc_dump_write("ta_notify_dom_lock_offset", "%" PRId64,
                            priv->ta_notify_dom_lock_offset);
     }
 
-- 
cgit