From f4be9bc3c530ab35a0cd1939df8c43abe54e540d Mon Sep 17 00:00:00 2001
From: Michael Adam
Date: Tue, 31 Mar 2015 02:28:07 +0200
Subject: features/changelog: fix possible illegal mem access (CID 1288822)
Coverity CID 1288822 (#1 of 2) strncpy executed with a limit equal to the target array size potentially leaves the target string not null terminated. In this case the strncpy is not needed due to the snprintf with the same target buffer which follows immediately. This patch also removes the now unneeded scratch_dir argument to gf_changelog_init_history(), which is semantically correct, since scratch_dir has previously been filled into jnl->jnl_working_dir by the caller, and this is now used to fill hist_scratch_dir.
Change-Id: Ib1ed3a1058e80e34191758921b49c29030d6c9db
BUG: 789278
Signed-off-by: Michael Adam
Reviewed-on: http://review.gluster.org/10058
Reviewed-by: Kotresh HR
Tested-by: Gluster Build System
Reviewed-by: Vijay Bellur
---
xlators/features/changelog/lib/src/gf-changelog-journal-handler.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
(limited to 'xlators/features/changelog/lib/src')
diff --git a/xlators/features/changelog/lib/src/gf-changelog-journal-handler.c b/xlators/features/changelog/lib/src/gf-changelog-journal-handler.c
index 3cb0eef7ba6..65ee9555514 100644
--- a/xlators/features/changelog/lib/src/gf-changelog-journal-handler.c
+++ b/xlators/features/changelog/lib/src/gf-changelog-journal-handler.c
@@ -842,7 +842,7 @@ gf_changelog_open_dirs (xlator_t *this, gf_changelog_journal_t *jnl)
 int
 gf_changelog_init_history (xlator_t *this,
 gf_changelog_journal_t *jnl,
- char *brick_path, char *scratch_dir)
+ char *brick_path)
 {
 int i = 0;
 int ret = 0;
@@ -856,7 +856,6 @@ gf_changelog_init_history (xlator_t *this,
 jnl->hist_jnl->jnl_dir = NULL;
 jnl->hist_jnl->jnl_fd = -1;
- (void) strncpy (hist_scratch_dir, scratch_dir, PATH_MAX);
 (void) snprintf (hist_scratch_dir, PATH_MAX, "%s/"GF_CHANGELOG_HISTORY_DIR"/", jnl->jnl_working_dir);
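Review bot: With `scratch_dir` dropped from the parameter list, gf_changelog_init_history() now depends on `jnl->jnl_working_dir` already being populated when it is called, and nothing at the definition records that. A short comment above the function would make the precondition explicit, e.g. `/* jnl->jnl_working_dir must be set by the caller; the history scratch dir is derived from it */`; the only caller visible in this patch is the one in gf_changelog_journal_init() updated in the third hunk. The function is not declared `static` and the diffstat shows only this file changed, so if a prototype exists in a header it needs the same signature change, which cannot be checked from here. The function body continues outside the hunk.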
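Review bot: The remaining `(void) snprintf (hist_scratch_dir, PATH_MAX, ...)` still discards its return value, so a `jnl->jnl_working_dir` long enough that the appended history suffix exceeds PATH_MAX is silently truncated instead of rejected. The buffer is always NUL-terminated, which resolves the Coverity finding, but a truncated path would presumably be passed to whatever later creates or opens the history directory, and that code is outside this hunk. Consider keeping the result in a local, `len = snprintf (hist_scratch_dir, PATH_MAX, ...);`, and failing through the function's existing error path on `if (len < 0 || len >= PATH_MAX)`. If `hist_scratch_dir` is a local array, as the commit message implies, `sizeof (hist_scratch_dir)` would tie the bound to the declaration, which is not visible here.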
@@ -957,8 +956,7 @@ gf_changelog_journal_init (void *xl, struct gf_brick_spec *brick)
 i == '-' || i == '.' || i == '_') ? i : 0;
 }
- ret = gf_changelog_init_history (this, jnl,
- brick->brick_path, scratch_dir);
+ ret = gf_changelog_init_history (this, jnl, brick->brick_path);
 if (ret)
 goto cleanup_fds;
-- cgit