From 7ad24ad7978051c942381f66e04fd52bb9967dea Mon Sep 17 00:00:00 2001 From: Dmitry Eremin Date: Wed, 11 Jun 2014 00:09:38 +0400 Subject: [PATCH] LU-4629 utils: fix input format specifier error Width is not specified for 's' conversion specifier. This can result in an overflow of the buffer provided in arguments of a call to 'sscanf'. Signed-off-by: Dmitry Eremin Change-Id: Ic9f37c19461a28a51bd1a0a1a42685b137773a41 Reviewed-on: http://review.whamcloud.com/10667 Tested-by: Jenkins Reviewed-by: Andreas Dilger Tested-by: Maloo Reviewed-by: John L. Hammond Reviewed-by: Oleg Drokin --- lustre/utils/gss/lsupport.c | 6 ----- lustre/utils/l_getidentity.c | 17 +++++++++------ lustre/utils/lfs.c | 52 +++++++++++--------------------------------- lustre/utils/liblustreapi.c | 42 ++++++++++++++++++++--------------- lustre/utils/obd.c | 12 +++++----- 5 files changed, 54 insertions(+), 75 deletions(-) diff --git a/lustre/utils/gss/lsupport.c b/lustre/utils/gss/lsupport.c index 0f5d869..2fa31de 100644 --- a/lustre/utils/gss/lsupport.c +++ b/lustre/utils/gss/lsupport.c @@ -434,12 +434,6 @@ static int read_mapping_db(void) while ((line = fgets(linebuf, MAX_LINE_LEN, f)) != NULL) { char *name; - if (strlen(line) >= MAX_LINE_LEN) { - printerr(0, "invalid mapping db: line too long (%d)\n", - strlen(line)); - continue; - } - if (sscanf(line, "%s %s %s", princ, nid_str, dest) != 3) { printerr(0, "mapping db: syntax error\n"); continue; diff --git a/lustre/utils/l_getidentity.c b/lustre/utils/l_getidentity.c index 8e718a5..307cf3f 100644 --- a/lustre/utils/l_getidentity.c +++ b/lustre/utils/l_getidentity.c @@ -262,9 +262,12 @@ int parse_perm(__u32 *perm, __u32 *noperm, char *str) return 0; } -int parse_perm_line(struct identity_downcall_data *data, char *line) +static int +parse_perm_line(struct identity_downcall_data *data, char *line, size_t size) { - char uid_str[256], nid_str[256], perm_str[256]; + char uid_str[size]; + char nid_str[size]; + char perm_str[size]; lnet_nid_t nid; __u32 perm, noperm; int rc, i; @@ -275,7 +278,7 @@ int parse_perm_line(struct identity_downcall_data *data, char *line) return -1; } - rc = sscanf(line, "%s %s %s", nid_str, uid_str, perm_str); + rc = sscanf(line, "%s %s %s", nid_str, uid_str, perm_str); if (rc != 3) { errlog("can't parse line %s\n", line); return -1; @@ -355,8 +358,8 @@ int parse_perm_line(struct identity_downcall_data *data, char *line) int get_perms(struct identity_downcall_data *data) { - FILE *fp; - char line[1024]; + FILE *fp; + char line[PATH_MAX]; fp = fopen(PERM_PATHNAME, "r"); if (fp == NULL) { @@ -370,11 +373,11 @@ int get_perms(struct identity_downcall_data *data) } } - while (fgets(line, 1024, fp)) { + while (fgets(line, sizeof(line), fp)) { if (comment_line(line)) continue; - if (parse_perm_line(data, line)) { + if (parse_perm_line(data, line, sizeof(line))) { errlog("parse line %s failed!\n", line); data->idd_err = EINVAL; fclose(fp); diff --git a/lustre/utils/lfs.c b/lustre/utils/lfs.c index 88bef78..57cac30 100644 --- a/lustre/utils/lfs.c +++ b/lustre/utils/lfs.c @@ -3030,10 +3030,10 @@ static int flushctx_ioctl(char *mp) static int lfs_flushctx(int argc, char **argv) { - int kdestroy = 0, c; - FILE *proc = NULL; - char procline[PATH_MAX], *line; - int rc = 0; + int kdestroy = 0, c; + char mntdir[PATH_MAX] = {'\0'}; + int index = 0; + int rc = 0; optind = 0; while ((c = getopt(argc, argv, "k")) != -1) { @@ -3049,46 +3049,24 @@ static int lfs_flushctx(int argc, char **argv) } if (kdestroy) { - int rc; if ((rc = system("kdestroy > /dev/null")) != 0) { rc = WEXITSTATUS(rc); fprintf(stderr, "error destroying tickets: %d, continuing\n", rc); } } - if (optind >= argc) { - /* flush for all mounted lustre fs. */ - proc = fopen("/proc/mounts", "r"); - if (!proc) { - fprintf(stderr, "error: %s: can't open /proc/mounts\n", - argv[0]); - return -1; - } - - while ((line = fgets(procline, PATH_MAX, proc)) != NULL) { - char dev[PATH_MAX]; - char mp[PATH_MAX]; - char fs[PATH_MAX]; + if (optind >= argc) { + /* flush for all mounted lustre fs. */ + while (!llapi_search_mounts(NULL, index++, mntdir, NULL)) { + /* Check if we have a mount point */ + if (mntdir[0] == '\0') + continue; - if (sscanf(line, "%s %s %s", dev, mp, fs) != 3) { - fprintf(stderr, "%s: unexpected format in " - "/proc/mounts\n", - argv[0]); + if (flushctx_ioctl(mntdir)) rc = -1; - goto out; - } - - if (strcmp(fs, "lustre") != 0) - continue; - /* we use '@' to determine it's a client. are there - * any other better way? - */ - if (strchr(dev, '@') == NULL) - continue; - if (flushctx_ioctl(mp)) - rc = -1; - } + mntdir[0] = '\0'; /* avoid matching in next loop */ + } } else { /* flush fs as specified */ while (optind < argc) { @@ -3096,10 +3074,6 @@ static int lfs_flushctx(int argc, char **argv) rc = -1; } } - -out: - if (proc != NULL) - fclose(proc); return rc; } diff --git a/lustre/utils/liblustreapi.c b/lustre/utils/liblustreapi.c index 7581054..8ef0fb6 100644 --- a/lustre/utils/liblustreapi.c +++ b/lustre/utils/liblustreapi.c @@ -1776,10 +1776,11 @@ enum tgt_type { static int llapi_get_target_uuids(int fd, struct obd_uuid *uuidp, int *ost_count, enum tgt_type type) { - struct obd_uuid name; - char buf[1024]; - FILE *fp; - int rc = 0, index = 0; + struct obd_uuid name; + char buf[1024]; + char format[32]; + FILE *fp; + int rc = 0, index = 0; /* Get the lov name */ if (type == LOV_TYPE) { @@ -1802,9 +1803,11 @@ static int llapi_get_target_uuids(int fd, struct obd_uuid *uuidp, return rc; } - while (fgets(buf, sizeof(buf), fp) != NULL) { - if (uuidp && (index < *ost_count)) { - if (sscanf(buf, "%d: %s", &index, uuidp[index].uuid) <2) + snprintf(format, sizeof(format), + "%%d: %%%zus", sizeof(uuidp[0].uuid) - 1); + while (fgets(buf, sizeof(buf), fp) != NULL) { + if (uuidp && (index < *ost_count)) { + if (sscanf(buf, format, &index, uuidp[index].uuid) < 2) break; } index++; @@ -1872,11 +1875,11 @@ int llapi_uuid_match(char *real_uuid, char *search_uuid) * returned in param->obdindex */ static int setup_obd_uuid(DIR *dir, char *dname, struct find_param *param) { - struct obd_uuid obd_uuid; - char uuid[sizeof(struct obd_uuid)]; - char buf[1024]; - FILE *fp; - int rc = 0, index; + struct obd_uuid obd_uuid; + char buf[1024]; + char format[32]; + FILE *fp; + int rc = 0; if (param->got_uuids) return rc; @@ -1912,12 +1915,17 @@ static int setup_obd_uuid(DIR *dir, char *dname, struct find_param *param) llapi_printf(LLAPI_MSG_NORMAL, "%s:\n", param->get_lmv ? "MDTS" : "OBDS:"); - while (fgets(buf, sizeof(buf), fp) != NULL) { - if (sscanf(buf, "%d: %s", &index, uuid) < 2) - break; + snprintf(format, sizeof(format), + "%%d: %%%zus", sizeof(obd_uuid.uuid) - 1); + while (fgets(buf, sizeof(buf), fp) != NULL) { + int index; - if (param->obduuid) { - if (llapi_uuid_match(uuid, param->obduuid->uuid)) { + if (sscanf(buf, format, &index, obd_uuid.uuid) < 2) + break; + + if (param->obduuid) { + if (llapi_uuid_match(obd_uuid.uuid, + param->obduuid->uuid)) { param->obdindex = index; break; } diff --git a/lustre/utils/obd.c b/lustre/utils/obd.c index dcc263f..9bac523 100644 --- a/lustre/utils/obd.c +++ b/lustre/utils/obd.c @@ -939,10 +939,6 @@ int jt_get_version(int argc, char **argv) return rc; } -/* - * Print an obd device line with the ost_conn_uuid inserted, if the obd - * is an osc. - */ static void print_obd_line(char *s) { char buf[MAX_STRING_SIZE]; @@ -950,7 +946,9 @@ static void print_obd_line(char *s) FILE *fp = NULL; char *ptr; - if (sscanf(s, " %*d %*s osc %s %*s %*d ", obd_name) == 0) + snprintf(buf, sizeof(buf), " %%*d %%*s osc %%%zus %%*s %%*d ", + sizeof(obd_name) - 1); + if (sscanf(s, buf, obd_name) == 0) goto try_mdc; snprintf(buf, sizeof(buf), "/proc/fs/lustre/osc/%s/ost_conn_uuid", obd_name); @@ -959,7 +957,9 @@ static void print_obd_line(char *s) goto got_one; try_mdc: - if (sscanf(s, " %*d %*s mdc %s %*s %*d ", obd_name) == 0) + snprintf(buf, sizeof(buf), " %%*d %%*s mdc %%%zus %%*s %%*d ", + sizeof(obd_name) - 1); + if (sscanf(s, buf, obd_name) == 0) goto fail; snprintf(buf, sizeof(buf), "/proc/fs/lustre/mdc/%s/mds_conn_uuid", obd_name); -- 1.8.3.1