LU-1855 build: fix 'out-of-bounds access' errors

Fix 'out-of-bounds access' defects found by Coverity version 6.0.3:
Out-of-bounds access (OVERRUN_STATIC)
Overrunning static array by passing it to a
function which indexes it at a higher byte position.

Signed-off-by: Sebastien Buisson <sebastien.buisson@bull.net>
Change-Id: Ic0fd90787ef969c786e9b0149df83491cdddc631
Reviewed-on: http://review.whamcloud.com/3902
Reviewed-by: Fan Yong <yong.fan@whamcloud.com>
Tested-by: Hudson
Tested-by: Maloo <whamcloud.maloo@gmail.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

diff --git a/libcfs/autoconf/lustre-libcfs.m4 b/libcfs/autoconf/lustre-libcfs.m4
index 28663b6..62ec024 100644 (file)
--- a/libcfs/autoconf/lustre-libcfs.m4
+++ b/libcfs/autoconf/lustre-libcfs.m4
@@ -838,6 +838,9 @@ AC_CHECK_FUNCS([strnlen])
 # lnet/libcfs/user-prim.c, missing for RHEL5 and earlier userspace
 AC_CHECK_FUNCS([strlcpy])
 
+# libcfs/libcfs/user-prim.c, missing for RHEL5 and earlier userspace
+AC_CHECK_FUNCS([strlcat])
+
 AC_CHECK_TYPE([umode_t],
        [AC_DEFINE(HAVE_UMODE_T, 1, [umode_t is defined])],
        [],

diff --git a/libcfs/include/libcfs/user-prim.h b/libcfs/include/libcfs/user-prim.h
index c8e5611..756062b 100644 (file)
--- a/libcfs/include/libcfs/user-prim.h
+++ b/libcfs/include/libcfs/user-prim.h
@@ -167,6 +167,10 @@ gid_t cfs_curproc_fsgid(void);
 size_t strlcpy(char *tgt, const char *src, size_t tgt_len);
 #endif
 
+#ifndef HAVE_STRLCAT /* not in glibc for RHEL 5.x, remove when obsolete */
+size_t strlcat(char *tgt, const char *src, size_t tgt_len);
+#endif
+
 #define LIBCFS_REALLOC(ptr, size) realloc(ptr, size)
 
 #define cfs_online_cpus() sysconf(_SC_NPROCESSORS_ONLN)

diff --git a/libcfs/libcfs/user-prim.c b/libcfs/libcfs/user-prim.c
index 0d8afc6..0cc1e3d 100644 (file)
--- a/libcfs/libcfs/user-prim.c
+++ b/libcfs/libcfs/user-prim.c
@@ -276,6 +276,20 @@ size_t strlcpy(char *tgt, const char *src, size_t tgt_len)
 }
 #endif
 
+#ifndef HAVE_STRLCAT /* not in glibc for RHEL 5.x, remove when obsolete */
+size_t strlcat(char *tgt, const char *src, size_t size)
+{
+       size_t tgt_len = strlen(tgt);
+
+       if (size > tgt_len) {
+               strncat(tgt, src, size - tgt_len - 1);
+               tgt[size - 1] = '\0';
+       }
+
+       return tgt_len + strlen(src);
+}
+#endif
+
 /* Read the environment variable of current process specified by @key. */
 int cfs_get_environ(const char *key, char *value, int *val_len)
 {

diff --git a/lustre/ptlrpc/sec.c b/lustre/ptlrpc/sec.c
index 315e99a..c4aa034 100644 (file)
--- a/lustre/ptlrpc/sec.c
+++ b/lustre/ptlrpc/sec.c
@@ -235,21 +235,20 @@ EXPORT_SYMBOL(sptlrpc_flavor2name);
 
 char *sptlrpc_secflags2str(__u32 flags, char *buf, int bufsize)
 {
-        buf[0] = '\0';
-
-        if (flags & PTLRPC_SEC_FL_REVERSE)
-                strncat(buf, "reverse,", bufsize);
-        if (flags & PTLRPC_SEC_FL_ROOTONLY)
-                strncat(buf, "rootonly,", bufsize);
-        if (flags & PTLRPC_SEC_FL_UDESC)
-                strncat(buf, "udesc,", bufsize);
-        if (flags & PTLRPC_SEC_FL_BULK)
-                strncat(buf, "bulk,", bufsize);
-        if (buf[0] == '\0')
-                strncat(buf, "-,", bufsize);
-
-        buf[bufsize - 1] = '\0';
-        return buf;
+       buf[0] = '\0';
+
+       if (flags & PTLRPC_SEC_FL_REVERSE)
+               strlcat(buf, "reverse,", bufsize);
+       if (flags & PTLRPC_SEC_FL_ROOTONLY)
+               strlcat(buf, "rootonly,", bufsize);
+       if (flags & PTLRPC_SEC_FL_UDESC)
+               strlcat(buf, "udesc,", bufsize);
+       if (flags & PTLRPC_SEC_FL_BULK)
+               strlcat(buf, "bulk,", bufsize);
+       if (buf[0] == '\0')
+               strlcat(buf, "-,", bufsize);
+
+       return buf;
 }
 EXPORT_SYMBOL(sptlrpc_secflags2str);
 

diff --git a/lustre/ptlrpc/sec_lproc.c b/lustre/ptlrpc/sec_lproc.c
index 2add995..0506d27 100644 (file)
--- a/lustre/ptlrpc/sec_lproc.c
+++ b/lustre/ptlrpc/sec_lproc.c
@@ -63,21 +63,20 @@ EXPORT_SYMBOL(sptlrpc_proc_root);
 
 char *sec_flags2str(unsigned long flags, char *buf, int bufsize)
 {
-        buf[0] = '\0';
-
-        if (flags & PTLRPC_SEC_FL_REVERSE)
-                strncat(buf, "reverse,", bufsize);
-        if (flags & PTLRPC_SEC_FL_ROOTONLY)
-                strncat(buf, "rootonly,", bufsize);
-        if (flags & PTLRPC_SEC_FL_UDESC)
-                strncat(buf, "udesc,", bufsize);
-        if (flags & PTLRPC_SEC_FL_BULK)
-                strncat(buf, "bulk,", bufsize);
-        if (buf[0] == '\0')
-                strncat(buf, "-,", bufsize);
-
-        buf[strlen(buf) - 1] = '\0';
-        return buf;
+       buf[0] = '\0';
+
+       if (flags & PTLRPC_SEC_FL_REVERSE)
+               strlcat(buf, "reverse,", bufsize);
+       if (flags & PTLRPC_SEC_FL_ROOTONLY)
+               strlcat(buf, "rootonly,", bufsize);
+       if (flags & PTLRPC_SEC_FL_UDESC)
+               strlcat(buf, "udesc,", bufsize);
+       if (flags & PTLRPC_SEC_FL_BULK)
+               strlcat(buf, "bulk,", bufsize);
+       if (buf[0] == '\0')
+               strlcat(buf, "-,", bufsize);
+
+       return buf;
 }
 
 static int sptlrpc_info_lprocfs_seq_show(struct seq_file *seq, void *v)