From b4eedcb4e432d2c2a5411e6cba1dedafba8e3c50 Mon Sep 17 00:00:00 2001
From: Sunny Kumar <sunkumar@redhat.com>
Date: Mon, 17 Sep 2018 16:56:48 +0530
Subject: geo-rep : fix coverity issues in glusterd-geo-rep.c

This patch fixes CID 1210979, 1214614, 1292650, 1357874, 1382404.

1. overflowed or a truncated value : call to sys_read has been reduced
   to 'sizeof(buf) -1' and after operation buf is properly terminated.

2. tainted_data_argument : truncation due to cast operation on operand :
   resulted form call to strtol: chaged data type from pid_t to long.

3. tainted_data_argument : call to fgets is reduced by 2 to make space
   for the '\n' and '\0'.

updates: bz#789278
Change-Id: Ib883501205c85007771213071c8e182286eb0bc0
Signed-off-by: Sunny Kumar <sunkumar@redhat.com>
---
 xlators/mgmt/glusterd/src/glusterd-geo-rep.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

(limited to 'xlators')

diff --git a/xlators/mgmt/glusterd/src/glusterd-geo-rep.c b/xlators/mgmt/glusterd/src/glusterd-geo-rep.c
index 948655bf815..c8a4be2cdea 100644
--- a/xlators/mgmt/glusterd/src/glusterd-geo-rep.c
+++ b/xlators/mgmt/glusterd/src/glusterd-geo-rep.c
@@ -745,7 +745,7 @@ _fcbk_conftodict(char *resbuf, size_t blen, FILE *fp, void *data)
 
     for (;;) {
         errno = 0;
-        ptr = fgets(resbuf, blen, fp);
+        ptr = fgets(resbuf, blen - 2, fp);
         if (!ptr)
             break;
         v = resbuf + strlen(resbuf) - 1;
@@ -808,7 +808,7 @@ _fcbk_statustostruct(char *resbuf, size_t blen, FILE *fp, void *data)
 
     for (;;) {
         errno = 0;
-        ptr = fgets(resbuf, blen, fp);
+        ptr = fgets(resbuf, blen - 2, fp);
         if (!ptr)
             break;
 
@@ -3914,7 +3914,7 @@ gd_pause_or_resume_gsync(dict_t *dict, char *master, char *slave,
 {
     int32_t ret = 0;
     int pfd = -1;
-    pid_t pid = 0;
+    long pid = 0;
     char pidfile[PATH_MAX] = {
         0,
     };
@@ -3979,8 +3979,9 @@ gd_pause_or_resume_gsync(dict_t *dict, char *master, char *slave,
         goto out;
     }
 
-    ret = sys_read(pfd, buf, sizeof(buf));
+    ret = sys_read(pfd, buf, sizeof(buf) - 1);
     if (ret > 0) {
+        buf[ret] = '\0';
         pid = strtol(buf, NULL, 10);
         if (is_pause) {
             ret = kill(-pid, SIGSTOP);
@@ -4072,7 +4073,7 @@ stop_gsync(char *master, char *slave, char **msg, char *conf_path,
 {
     int32_t ret = 0;
     int pfd = -1;
-    pid_t pid = 0;
+    long pid = 0;
     char pidfile[PATH_MAX] = {
         0,
     };
@@ -4111,8 +4112,9 @@ stop_gsync(char *master, char *slave, char **msg, char *conf_path,
     if (pfd < 0)
         goto out;
 
-    ret = sys_read(pfd, buf, sizeof(buf));
+    ret = sys_read(pfd, buf, sizeof(buf) - 1);
     if (ret > 0) {
+        buf[ret] = '\0';
         pid = strtol(buf, NULL, 10);
         ret = kill(-pid, SIGTERM);
         if (ret && !is_force) {
@@ -5479,8 +5481,9 @@ glusterd_op_copy_file(dict_t *dict, char **op_errstr)
         }
 
         do {
-            ret = sys_read(fd, buf, sizeof(buf));
+            ret = sys_read(fd, buf, sizeof(buf) - 1);
             if (ret > 0) {
+                buf[ret] = '\0';
                 memcpy(contents + bytes_read, buf, ret);
                 bytes_read += ret;
             }
-- 
cgit