b=23663 fix buffer overflow in liblustre

i=dmitry
i=andrew

The space allocated to ll_instance to store the "%p" notation for a
pointer was failing to allocate enough space for the leading "0x" in
addition to the space for the actual address bytes.

diff --git a/lustre/liblustre/super.c b/lustre/liblustre/super.c
index a0464b5..1da4955 100644 (file)
--- a/lustre/liblustre/super.c
+++ b/lustre/liblustre/super.c
@@ -1966,7 +1966,7 @@ llu_fsswop_mount(const char *source,
         struct lustre_md md;
         class_uuid_t uuid;
         struct config_llog_instance cfg = {0, };
-        char ll_instance[sizeof(sbi) * 2 + 1];
+        char ll_instance[sizeof(sbi) * 2 + 3];
         struct lustre_profile *lprof;
         char *zconf_mgsnid, *zconf_profile;
         char *osc = NULL, *mdc = NULL;
@@ -1996,7 +1996,7 @@ llu_fsswop_mount(const char *source,
 
         /* generate a string unique to this super, let's try
          the address of the super itself.*/
-        sprintf(ll_instance, "%p", sbi);
+        snprintf(ll_instance, sizeof(ll_instance), "%p", sbi);
 
         /* retrive & parse config log */
         cfg.cfg_instance = ll_instance;