From 7656aec3b9ef60592c8cf251dfb5cdb6088cd328 Mon Sep 17 00:00:00 2001
From: Dmitry Antipov <dmantipov@yandex.ru>
Date: Thu, 26 Dec 2019 15:25:35 +0300
Subject: Avoid buffer overwrite due to uuid_utoa() misuse

Code like:

f(..., uuid_utoa(x), uuid_utoa(y));

is not valid (causes undefined behaviour) because uuid_utoa()
uses the only static thread-local buffer which will be overwritten
by the subsequent call. All such cases should be converted to use
uuid_utoa_r() with explicitly specified buffer.

Change-Id: I5e72bab806d96a9dd1707c28ed69ca033b9c8d6c
Updates: bz#1193929
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
---
 xlators/storage/posix/src/posix-inode-fd-ops.c | 5 +++--
 xlators/storage/posix/src/posix-metadata.c     | 7 +++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

(limited to 'xlators/storage/posix/src')

diff --git a/xlators/storage/posix/src/posix-inode-fd-ops.c b/xlators/storage/posix/src/posix-inode-fd-ops.c
index b8104604ecc..e5c51eee032 100644
--- a/xlators/storage/posix/src/posix-inode-fd-ops.c
+++ b/xlators/storage/posix/src/posix-inode-fd-ops.c
@@ -2061,6 +2061,7 @@ posix_copy_file_range(call_frame_t *frame, xlator_t *this, fd_t *fd_in,
     gf_boolean_t locked = _gf_false;
     gf_boolean_t update_atomic = _gf_false;
     posix_inode_ctx_t *ctx = NULL;
+    char in_uuid_str[64] = {0}, out_uuid_str[64] = {0};
 
     VALIDATE_OR_GOTO(frame, out);
     VALIDATE_OR_GOTO(this, out);
@@ -2201,8 +2202,8 @@ posix_copy_file_range(call_frame_t *frame, xlator_t *this, fd_t *fd_in,
         gf_msg(this->name, GF_LOG_ERROR, op_errno, P_MSG_COPY_FILE_RANGE_FAILED,
                "copy_file_range failed: fd_in: %p (gfid: %s) ,"
                " fd_out %p (gfid:%s)",
-               fd_in, uuid_utoa(fd_in->inode->gfid), fd_out,
-               uuid_utoa(fd_out->inode->gfid));
+               fd_in, uuid_utoa_r(fd_in->inode->gfid, in_uuid_str), fd_out,
+               uuid_utoa_r(fd_out->inode->gfid, out_uuid_str));
         goto out;
     }
 
diff --git a/xlators/storage/posix/src/posix-metadata.c b/xlators/storage/posix/src/posix-metadata.c
index 63967cf3ade..872a693f513 100644
--- a/xlators/storage/posix/src/posix-metadata.c
+++ b/xlators/storage/posix/src/posix-metadata.c
@@ -820,6 +820,7 @@ posix_set_ctime_cfr(call_frame_t *frame, xlator_t *this,
     };
     int ret = 0;
     struct posix_private *priv = NULL;
+    char in_uuid_str[64] = {0}, out_uuid_str[64] = {0};
 
     priv = this->private;
 
@@ -834,9 +835,11 @@ posix_set_ctime_cfr(call_frame_t *frame, xlator_t *this,
                    "posix set mdata failed, No ctime : in: %s gfid_in:%s "
                    "out: %s gfid_out:%s",
                    real_path_in,
-                   inode_in ? uuid_utoa(inode_in->gfid) : "No inode",
+                   (inode_in ? uuid_utoa_r(inode_in->gfid, in_uuid_str)
+                             : "No inode"),
                    real_path_out,
-                   inode_out ? uuid_utoa(inode_out->gfid) : "No inode");
+                   (inode_out ? uuid_utoa_r(inode_out->gfid, out_uuid_str)
+                              : "No inode"));
             goto out;
         }
 
-- 
cgit