From 4aa63e28509eb47d293eddb4f61317d409598c23 Mon Sep 17 00:00:00 2001
From: GauravKumarGarg <ggarg@redhat.com>
Date: Fri, 28 Nov 2014 12:02:20 +0530
Subject: glusterd: Coverity fix for string_overflow overrun

In function glusterd_dump_peer() it is copying "input_key" into "key"
buffer without checking the length which might cause string_overflow
overrun. Similar problem with other coverity issue.
With this fix it will copy "input_key" into "key" buffer by maximum
length of buffer.

Coverity CID: 1256171
Coverity CID: 1256172
Coverity CID: 1256174

Change-Id: I4e092309d9503bd79ff82cf83ed5e8d758743453
BUG: 1093692
Signed-off-by: Gaurav Kumar Garg  ggarg <ggarg@redhat.com>
Reviewed-on: http://review.gluster.org/9208
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
Reviewed-by: Kaushal M <kaushal@redhat.com>
---
 xlators/mgmt/glusterd/src/glusterd-handshake.c | 2 +-
 xlators/mgmt/glusterd/src/glusterd.c           | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'xlators/mgmt')

diff --git a/xlators/mgmt/glusterd/src/glusterd-handshake.c b/xlators/mgmt/glusterd/src/glusterd-handshake.c
index 8414fa8e9bb..72e479070b6 100644
--- a/xlators/mgmt/glusterd/src/glusterd-handshake.c
+++ b/xlators/mgmt/glusterd/src/glusterd-handshake.c
@@ -296,7 +296,7 @@ gotvolinfo:
         ret = stat (path, &stbuf);
 
         if ((ret == -1) && (errno == ENOENT)) {
-                strcpy (dup_volid, volid_ptr);
+                strncpy (dup_volid, volid_ptr, (PATH_MAX - 1));
                 if (!strchr (dup_volid, '.')) {
                         switch (volinfo->transport_type) {
                         case GF_TRANSPORT_TCP:
diff --git a/xlators/mgmt/glusterd/src/glusterd.c b/xlators/mgmt/glusterd/src/glusterd.c
index 1ea2f357026..d81ee435840 100644
--- a/xlators/mgmt/glusterd/src/glusterd.c
+++ b/xlators/mgmt/glusterd/src/glusterd.c
@@ -284,7 +284,7 @@ glusterd_dump_peer (glusterd_peerinfo_t *peerinfo, char *input_key, int index,
         char   subkey[50]               = {0,};
         char   key[GF_DUMP_MAX_BUF_LEN] = {0,};
 
-        strcpy (key, input_key);
+        strncpy (key, input_key, (GF_DUMP_MAX_BUF_LEN - 1));
 
         snprintf (subkey, sizeof (subkey), "%s%d", key, index);
 
@@ -327,7 +327,7 @@ glusterd_dump_peer_rpcstat (glusterd_peerinfo_t *peerinfo, char *input_key,
         char                   subkey[50]                          = {0,};
         char                   key[GF_DUMP_MAX_BUF_LEN]            = {0,};
 
-        strcpy (key, input_key);
+        strncpy (key, input_key, (GF_DUMP_MAX_BUF_LEN - 1));
 
         /* Dump the rpc connection statistics */
         rpc = peerinfo->rpc;
-- 
cgit