Whamcloud - gitweb
LU-4629 utils: fix input format specifier error 67/10667/4
authorDmitry Eremin <dmitry.eremin@intel.com>
Tue, 10 Jun 2014 20:09:38 +0000 (00:09 +0400)
committerOleg Drokin <oleg.drokin@intel.com>
Fri, 20 Jun 2014 03:01:48 +0000 (03:01 +0000)
Width is not specified for 's' conversion specifier. This can result in
an overflow of the buffer provided in arguments of a call to 'sscanf'.

Signed-off-by: Dmitry Eremin <dmitry.eremin@intel.com>
Change-Id: Ic9f37c19461a28a51bd1a0a1a42685b137773a41
Reviewed-on: http://review.whamcloud.com/10667
Tested-by: Jenkins
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: John L. Hammond <john.hammond@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
lustre/utils/gss/lsupport.c
lustre/utils/l_getidentity.c
lustre/utils/lfs.c
lustre/utils/liblustreapi.c
lustre/utils/obd.c

index 0f5d869..2fa31de 100644 (file)
@@ -434,12 +434,6 @@ static int read_mapping_db(void)
         while ((line = fgets(linebuf, MAX_LINE_LEN, f)) != NULL) {
                 char *name;
 
-                if (strlen(line) >= MAX_LINE_LEN) {
-                        printerr(0, "invalid mapping db: line too long (%d)\n",
-                                 strlen(line));
-                        continue;
-                }
-
                 if (sscanf(line, "%s %s %s", princ, nid_str, dest) != 3) {
                         printerr(0, "mapping db: syntax error\n");
                         continue;
index 8e718a5..307cf3f 100644 (file)
@@ -262,9 +262,12 @@ int parse_perm(__u32 *perm, __u32 *noperm, char *str)
         return 0;
 }
 
-int parse_perm_line(struct identity_downcall_data *data, char *line)
+static int
+parse_perm_line(struct identity_downcall_data *data, char *line, size_t size)
 {
-        char uid_str[256], nid_str[256], perm_str[256];
+       char uid_str[size];
+       char nid_str[size];
+       char perm_str[size];
         lnet_nid_t nid;
         __u32 perm, noperm;
         int rc, i;
@@ -275,7 +278,7 @@ int parse_perm_line(struct identity_downcall_data *data, char *line)
                 return -1;
         }
 
-        rc = sscanf(line, "%s %s %s", nid_str, uid_str, perm_str);
+       rc = sscanf(line, "%s %s %s", nid_str, uid_str, perm_str);
         if (rc != 3) {
                 errlog("can't parse line %s\n", line);
                 return -1;
@@ -355,8 +358,8 @@ int parse_perm_line(struct identity_downcall_data *data, char *line)
 
 int get_perms(struct identity_downcall_data *data)
 {
-        FILE *fp;
-        char line[1024];
+       FILE *fp;
+       char line[PATH_MAX];
 
         fp = fopen(PERM_PATHNAME, "r");
         if (fp == NULL) {
@@ -370,11 +373,11 @@ int get_perms(struct identity_downcall_data *data)
                 }
         }
 
-        while (fgets(line, 1024, fp)) {
+       while (fgets(line, sizeof(line), fp)) {
                 if (comment_line(line))
                         continue;
 
-                if (parse_perm_line(data, line)) {
+               if (parse_perm_line(data, line, sizeof(line))) {
                         errlog("parse line %s failed!\n", line);
                         data->idd_err = EINVAL;
                         fclose(fp);
index 88bef78..57cac30 100644 (file)
@@ -3030,10 +3030,10 @@ static int flushctx_ioctl(char *mp)
 
 static int lfs_flushctx(int argc, char **argv)
 {
-        int     kdestroy = 0, c;
-       FILE   *proc = NULL;
-        char    procline[PATH_MAX], *line;
-        int     rc = 0;
+       int     kdestroy = 0, c;
+       char    mntdir[PATH_MAX] = {'\0'};
+       int     index = 0;
+       int     rc = 0;
 
         optind = 0;
         while ((c = getopt(argc, argv, "k")) != -1) {
@@ -3049,46 +3049,24 @@ static int lfs_flushctx(int argc, char **argv)
         }
 
         if (kdestroy) {
-            int rc;
             if ((rc = system("kdestroy > /dev/null")) != 0) {
                 rc = WEXITSTATUS(rc);
                 fprintf(stderr, "error destroying tickets: %d, continuing\n", rc);
             }
         }
 
-        if (optind >= argc) {
-                /* flush for all mounted lustre fs. */
-                proc = fopen("/proc/mounts", "r");
-                if (!proc) {
-                        fprintf(stderr, "error: %s: can't open /proc/mounts\n",
-                                argv[0]);
-                        return -1;
-                }
-
-                while ((line = fgets(procline, PATH_MAX, proc)) != NULL) {
-                        char dev[PATH_MAX];
-                        char mp[PATH_MAX];
-                        char fs[PATH_MAX];
+       if (optind >= argc) {
+               /* flush for all mounted lustre fs. */
+               while (!llapi_search_mounts(NULL, index++, mntdir, NULL)) {
+                       /* Check if we have a mount point */
+                       if (mntdir[0] == '\0')
+                               continue;
 
-                        if (sscanf(line, "%s %s %s", dev, mp, fs) != 3) {
-                                fprintf(stderr, "%s: unexpected format in "
-                                                "/proc/mounts\n",
-                                        argv[0]);
+                       if (flushctx_ioctl(mntdir))
                                rc = -1;
-                               goto out;
-                        }
-
-                        if (strcmp(fs, "lustre") != 0)
-                                continue;
-                        /* we use '@' to determine it's a client. are there
-                         * any other better way?
-                         */
-                        if (strchr(dev, '@') == NULL)
-                                continue;
 
-                        if (flushctx_ioctl(mp))
-                                rc = -1;
-                }
+                       mntdir[0] = '\0'; /* avoid matching in next loop */
+               }
         } else {
                 /* flush fs as specified */
                 while (optind < argc) {
@@ -3096,10 +3074,6 @@ static int lfs_flushctx(int argc, char **argv)
                                 rc = -1;
                 }
         }
-
-out:
-       if (proc != NULL)
-               fclose(proc);
         return rc;
 }
 
index 7581054..8ef0fb6 100644 (file)
@@ -1776,10 +1776,11 @@ enum tgt_type {
 static int llapi_get_target_uuids(int fd, struct obd_uuid *uuidp,
                                   int *ost_count, enum tgt_type type)
 {
-        struct obd_uuid name;
-        char buf[1024];
-        FILE *fp;
-        int rc = 0, index = 0;
+       struct obd_uuid name;
+       char buf[1024];
+       char format[32];
+       FILE *fp;
+       int rc = 0, index = 0;
 
         /* Get the lov name */
         if (type == LOV_TYPE) {
@@ -1802,9 +1803,11 @@ static int llapi_get_target_uuids(int fd, struct obd_uuid *uuidp,
                 return rc;
         }
 
-        while (fgets(buf, sizeof(buf), fp) != NULL) {
-                if (uuidp && (index < *ost_count)) {
-                        if (sscanf(buf, "%d: %s", &index, uuidp[index].uuid) <2)
+       snprintf(format, sizeof(format),
+                "%%d: %%%zus", sizeof(uuidp[0].uuid) - 1);
+       while (fgets(buf, sizeof(buf), fp) != NULL) {
+               if (uuidp && (index < *ost_count)) {
+                       if (sscanf(buf, format, &index, uuidp[index].uuid) < 2)
                                 break;
                 }
                 index++;
@@ -1872,11 +1875,11 @@ int llapi_uuid_match(char *real_uuid, char *search_uuid)
  * returned in param->obdindex */
 static int setup_obd_uuid(DIR *dir, char *dname, struct find_param *param)
 {
-        struct obd_uuid obd_uuid;
-        char uuid[sizeof(struct obd_uuid)];
-        char buf[1024];
-        FILE *fp;
-        int rc = 0, index;
+       struct obd_uuid obd_uuid;
+       char buf[1024];
+       char format[32];
+       FILE *fp;
+       int rc = 0;
 
         if (param->got_uuids)
                 return rc;
@@ -1912,12 +1915,17 @@ static int setup_obd_uuid(DIR *dir, char *dname, struct find_param *param)
                 llapi_printf(LLAPI_MSG_NORMAL, "%s:\n",
                              param->get_lmv ? "MDTS" : "OBDS:");
 
-        while (fgets(buf, sizeof(buf), fp) != NULL) {
-                if (sscanf(buf, "%d: %s", &index, uuid) < 2)
-                        break;
+       snprintf(format, sizeof(format),
+                "%%d: %%%zus", sizeof(obd_uuid.uuid) - 1);
+       while (fgets(buf, sizeof(buf), fp) != NULL) {
+               int index;
 
-                if (param->obduuid) {
-                        if (llapi_uuid_match(uuid, param->obduuid->uuid)) {
+               if (sscanf(buf, format, &index, obd_uuid.uuid) < 2)
+                       break;
+
+               if (param->obduuid) {
+                       if (llapi_uuid_match(obd_uuid.uuid,
+                                            param->obduuid->uuid)) {
                                 param->obdindex = index;
                                 break;
                         }
index dcc263f..9bac523 100644 (file)
@@ -939,10 +939,6 @@ int jt_get_version(int argc, char **argv)
         return rc;
 }
 
-/*
- * Print an obd device line with the ost_conn_uuid inserted, if the obd
- * is an osc.
- */
 static void print_obd_line(char *s)
 {
         char buf[MAX_STRING_SIZE];
@@ -950,7 +946,9 @@ static void print_obd_line(char *s)
         FILE *fp = NULL;
         char *ptr;
 
-        if (sscanf(s, " %*d %*s osc %s %*s %*d ", obd_name) == 0)
+       snprintf(buf, sizeof(buf), " %%*d %%*s osc %%%zus %%*s %%*d ",
+                sizeof(obd_name) - 1);
+       if (sscanf(s, buf, obd_name) == 0)
                 goto try_mdc;
         snprintf(buf, sizeof(buf),
                  "/proc/fs/lustre/osc/%s/ost_conn_uuid", obd_name);
@@ -959,7 +957,9 @@ static void print_obd_line(char *s)
         goto got_one;
 
 try_mdc:
-        if (sscanf(s, " %*d %*s mdc %s %*s %*d ", obd_name) == 0)
+       snprintf(buf, sizeof(buf), " %%*d %%*s mdc %%%zus %%*s %%*d ",
+                sizeof(obd_name) - 1);
+       if (sscanf(s, buf, obd_name) == 0)
                 goto fail;
         snprintf(buf, sizeof(buf),
                  "/proc/fs/lustre/mdc/%s/mds_conn_uuid", obd_name);