From 83304fedb464fe3f97db662ce3e07bd948b7b7d9 Mon Sep 17 00:00:00 2001 From: Amar Tumballi Date: Tue, 6 Nov 2018 22:47:41 +0530 Subject: all: fix the format string exceptions Currently, there are possibilities in few places, where a user-controlled (like filename, program parameter etc) string can be passed as 'fmt' for printf(), which can lead to segfault, if the user's string contains '%s', '%d' in it. While fixing it, makes sense to make the explicit check for such issues across the codebase, by making the format call properly. Fixes: CVE-2018-14661 Fixes: bz#1647666 Change-Id: Ib547293f2d9eb618594cbff0df3b9c800e88bde4 Signed-off-by: Amar Tumballi --- xlators/playground/template/src/template.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'xlators/playground') diff --git a/xlators/playground/template/src/template.c b/xlators/playground/template/src/template.c index 4a9e8d2e6f3..e96374e0302 100644 --- a/xlators/playground/template/src/template.c +++ b/xlators/playground/template/src/template.c @@ -50,7 +50,7 @@ template_priv(xlator_t *this) template_private_t *priv = NULL; priv = this->private; - gf_proc_dump_write("template.dummy", "%lu", priv->dummy); + gf_proc_dump_write("template.dummy", "%" PRId32, priv->dummy); return 0; } -- cgit