Whamcloud - gitweb
LU-8171 hsm: stack overrun in hai_dump_data_field 38/20338/4
author Frank Zago <fzago@cray.com>
Thu, 19 May 2016 21:18:18 +0000 (17:18 -0400)
committer Oleg Drokin <oleg.drokin@intel.com>
Tue, 14 Jun 2016 03:54:52 +0000 (03:54 +0000)
commit b631a91e7e70ff609268def24e51b5bb089a5545
tree 196b67d8f7d60169a1ee05ac5883875f03258ada
parent 89a668f6c8770c5af8c99984003ffd9844dc2904
LU-8171 hsm: stack overrun in hai_dump_data_field

With the stock 3.10 kernel, hai_dump_data_field will do a stack buffer
overrun when cat'ing /proc/fs/lustre/.../hsm/actions if an action has
some data in it.

hai_dump_data_field uses snprintf. But there is no check for
truncation, and the value returned by snprintf is used as-is.  The
coordinator code calls hai_dump_data_field with 12 bytes in the
buffer. The 6th byte of data is printed incompletely to make room for
the terminating NUL. However snprintf still returns 2, so when
hai_dump_data_field writes the final NUL, it does it outside the
reserved buffer, in the 13th byte of the buffer. This stack buffer
overrun hangs my VM.

This doesn't happen on CentOS 6.

Fix by checking that there is enough room for the next 2 characters
plus the NUL terminator. Don't print half bytes. Change the format to
02X instead of .2X, which makes more sense.

Signed-off-by: frank zago <fzago@cray.com>
Change-Id: Icb6e658fc63f441b7a698f595ac71a1236ff3588
Reviewed-on: http://review.whamcloud.com/20338
Tested-by: Jenkins
Reviewed-by: John L. Hammond <john.hammond@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Jean-Baptiste Riaux <riaux.jb@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
lustre/include/lustre/lustre_user.h
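A stand-alone C reconstruction of the truncation bug the commit message describes and of the check the fix adds, written here as an added example and not the project's own code; the function names, the 12-byte reservation and the six sample bytes are assumptions taken from the description above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Reconstructed buggy pattern (not Lustre's code): snprintf's return value
 * is trusted, so once output is truncated the write pointer moves past the
 * reserved space. Returns the index where the final NUL landed; the caller
 * passes a backing buffer larger than `len` so the overrun is observable
 * instead of clobbering the stack. Intended for the 6-byte case below only,
 * since `len` would wrap on a 7th byte. */
size_t dump_hex_unchecked(const unsigned char *data, size_t n,
                          char *buf, size_t len)
{
	char *ptr = buf;
	for (size_t i = 0; i < n; i++) {
		/* returns 2 even when only one digit plus the NUL fit */
		int cnt = snprintf(ptr, len, "%.2X", (unsigned)data[i]);
		ptr += cnt;
		len -= cnt;
	}
	*ptr = '\0'; /* 6 bytes, len 12: lands at index 12, the 13th byte */
	return (size_t)(ptr - buf);
}

/* Hardened form as the commit describes: require room for two hex digits
 * plus the NUL before printing a byte, and never print a half byte. */
size_t dump_hex_checked(const unsigned char *data, size_t n,
                        char *buf, size_t len)
{
	char *ptr = buf;
	if (len == 0)
		return 0; /* no room even for the NUL */
	for (size_t i = 0; i < n && len >= 3; i++) {
		int cnt = snprintf(ptr, len, "%02X", (unsigned)data[i]);
		ptr += cnt;
		len -= cnt;
	}
	*ptr = '\0';
	return (size_t)(ptr - buf);
}

/* Constructed sample: six data bytes into a 12-byte reservation. */
static const unsigned char sample[6] = {0xDE, 0xAD, 0xBE, 0xEF, 0x01, 0x02};

size_t unchecked_nul_index(void)
{
	char backing[32]; /* slack so the stray NUL hits memory we own */
	return dump_hex_unchecked(sample, sizeof sample, backing, 12);
}

/* 1 when the checked form stops cleanly after five whole bytes. */
int checked_output_ok(void)
{
	char out[12];
	size_t n = dump_hex_checked(sample, sizeof sample, out, sizeof out);
	return n == 10 && strcmp(out, "DEADBEEF01") == 0;
}
```

The unchecked variant terminates the string at index 12 of a 12-byte reservation, exactly the 13th-byte write the commit message reports, while the checked variant stops at "DEADBEEF01" with its NUL at index 10.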