From 723613a734af240e03d9e8b42afeba442a77142d Mon Sep 17 00:00:00 2001 From: Sebastien Buisson Date: Tue, 2 Oct 2012 16:52:17 +0200 Subject: [PATCH] LU-2074 build: fix 'copy into fixed size buffer' errors Fix 'copy into fixed size buffer' defects found by Coverity version 6.0.3: Copy into fixed size buffer (STRING_OVERFLOW) The fixed-size string might be overrun by copying without checking the length. Signed-off-by: Sebastien Buisson Change-Id: Ia47e6ae132fe476fce202ce06d6fc655f9855012 Reviewed-on: http://review.whamcloud.com/4154 Reviewed-by: Dmitry Eremin Tested-by: Hudson Tested-by: Maloo Reviewed-by: Oleg Drokin --- libcfs/libcfs/linux/linux-tcpip.c | 15 ++++-- libcfs/libcfs/util/parser.c | 4 +- libcfs/libcfs/workitem.c | 7 ++- lnet/selftest/console.c | 24 ++++++++-- lnet/utils/debug.c | 20 ++++++-- lustre/mgs/mgs_llog.c | 10 +++- lustre/ptlrpc/nrs.c | 6 ++- lustre/ptlrpc/sec_config.c | 6 ++- lustre/utils/lfs.c | 35 +++++++++----- lustre/utils/liblustreapi.c | 21 +++++++-- lustre/utils/ltrack_stats.c | 93 +++++++++++++++++++------------------- lustre/utils/lustre_cfg.c | 13 +++++- lustre/utils/lustre_rsync.c | 16 +++++-- lustre/utils/mount_lustre.c | 7 ++- lustre/utils/mount_utils_ldiskfs.c | 12 ++++- lustre/utils/obd.c | 58 ++++++++++++++++-------- 16 files changed, 240 insertions(+), 107 deletions(-) diff --git a/libcfs/libcfs/linux/linux-tcpip.c b/libcfs/libcfs/linux/linux-tcpip.c index 480b9a5..18bfd3f 100644 --- a/libcfs/libcfs/linux/linux-tcpip.c +++ b/libcfs/libcfs/linux/linux-tcpip.c @@ -121,7 +121,10 @@ libcfs_ipif_query (char *name, int *up, __u32 *ip, __u32 *mask) CLASSERT (sizeof(ifr.ifr_name) >= IFNAMSIZ); - strcpy(ifr.ifr_name, name); + if (strlen(name) > sizeof(ifr.ifr_name)-1) + return -E2BIG; + strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + rc = libcfs_sock_ioctl(SIOCGIFFLAGS, (unsigned long)&ifr); if (rc != 0) { 
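Review bot: The length check on `name` in libcfs_ipif_query is repeated verbatim before each of the three ioctl calls (this hunk and the two that follow at -138 and -150), although neither `name` nor `sizeof(ifr.ifr_name)` changes between them. Once the first check has passed, the second and third can never fire, so they are dead code that sits after `*up` and `*ip` have already been written. A single `if (strlen(name) > sizeof(ifr.ifr_name)-1) return -E2BIG;` at the top of the function states the contract once and leaves the three `strncpy` calls as plain bounded copies. The start and end of the function are outside the hunk.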
@@ -138,7 +141,10 @@ libcfs_ipif_query (char *name, int *up, __u32 *ip, __u32 *mask) *up = 1; - strcpy(ifr.ifr_name, name); + if (strlen(name) > sizeof(ifr.ifr_name)-1) + return -E2BIG; + strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + ifr.ifr_addr.sa_family = AF_INET; rc = libcfs_sock_ioctl(SIOCGIFADDR, (unsigned long)&ifr); @@ -150,7 +156,10 @@ libcfs_ipif_query (char *name, int *up, __u32 *ip, __u32 *mask) val = ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr.s_addr; *ip = ntohl(val); - strcpy(ifr.ifr_name, name); + if (strlen(name) > sizeof(ifr.ifr_name)-1) + return -E2BIG; + strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + ifr.ifr_addr.sa_family = AF_INET; rc = libcfs_sock_ioctl(SIOCGIFNETMASK, (unsigned long)&ifr); diff --git a/libcfs/libcfs/util/parser.c b/libcfs/libcfs/util/parser.c index 949a2b4..f395fa3 100644 --- a/libcfs/libcfs/util/parser.c +++ b/libcfs/libcfs/util/parser.c @@ -460,7 +460,9 @@ int Parser_help(int argc, char **argv) line[0]='\0'; for ( i = 1 ; i < argc ; i++ ) { - strcat(line, argv[i]); + if (strlen(argv[i]) > sizeof(line)-strlen(line)-1) + return -E2BIG; + strncat(line, argv[i], sizeof(line)-strlen(line)-1); } switch ( process(line, &next, top_level, &result, &prev) ) { diff --git a/libcfs/libcfs/workitem.c b/libcfs/libcfs/workitem.c index 49bee6a..a22d4a9 100644 --- a/libcfs/libcfs/workitem.c +++ b/libcfs/libcfs/workitem.c @@ -439,7 +439,12 @@ cfs_wi_sched_create(char *name, struct cfs_cpt_table *cptab, if (sched == NULL) return -ENOMEM; - strncpy(sched->ws_name, name, CFS_WS_NAME_LEN); + if (strlen(name) > sizeof(sched->ws_name)-1) { + LIBCFS_FREE(sched, sizeof(*sched)); + return -E2BIG; + } + strncpy(sched->ws_name, name, sizeof(sched->ws_name)); + sched->ws_cptab = cptab; sched->ws_cpt = cpt; diff --git a/lnet/selftest/console.c b/lnet/selftest/console.c index d58cc9c..aac83bd 100644 --- a/lnet/selftest/console.c +++ b/lnet/selftest/console.c 
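Review bot: In cfs_wi_sched_create the new length check runs after `sched` has been allocated, so an over-long `name` costs an allocation and a `LIBCFS_FREE` before `-E2BIG` is returned. Testing `strlen(name) > sizeof(sched->ws_name)-1` before the allocation would turn the error path into a plain return. The change also replaces a truncating `strncpy` with a hard failure, so any caller that passes a name longer than the buffer will now fail to create its scheduler; the callers are not visible here and are worth auditing. The allocation and the rest of the function are outside the hunk.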
@@ -211,8 +211,14 @@ lstcon_group_alloc(char *name, lstcon_group_t **grpp) grp_ndl_hash[LST_NODE_HASHSIZE])); grp->grp_ref = 1; - if (name != NULL) - strcpy(grp->grp_name, name); + if (name != NULL) { + if (strlen(name) > sizeof(grp->grp_name)-1) { + LIBCFS_FREE(grp, offsetof(lstcon_group_t, + grp_ndl_hash[LST_NODE_HASHSIZE])); + return -E2BIG; + } + strncpy(grp->grp_name, name, sizeof(grp->grp_name)); + } CFS_INIT_LIST_HEAD(&grp->grp_link); CFS_INIT_LIST_HEAD(&grp->grp_ndl_list); @@ -891,7 +897,13 @@ lstcon_batch_add(char *name) return -ENOMEM; } - strcpy(bat->bat_name, name); + if (strlen(name) > sizeof(bat->bat_name)-1) { + LIBCFS_FREE(bat->bat_srv_hash, LST_NODE_HASHSIZE); + LIBCFS_FREE(bat->bat_cli_hash, LST_NODE_HASHSIZE); + LIBCFS_FREE(bat, sizeof(lstcon_batch_t)); + return -E2BIG; + } + strncpy(bat->bat_name, name, sizeof(bat->bat_name)); bat->bat_hdr.tsb_index = 0; bat->bat_hdr.tsb_id.bat_id = ++console_session.ses_id_cookie; @@ -1762,7 +1774,11 @@ lstcon_session_new(char *name, int key, unsigned feats, console_session.ses_feats_updated = 0; console_session.ses_timeout = (timeout <= 0) ? LST_CONSOLE_TIMEOUT : timeout; - strcpy(console_session.ses_name, name); + + if (strlen(name) > sizeof(console_session.ses_name)-1) + return -E2BIG; + strncpy(console_session.ses_name, name, + sizeof(console_session.ses_name)); rc = lstcon_batch_add(LST_DEFAULT_BATCH); if (rc != 0) diff --git a/lnet/utils/debug.c b/lnet/utils/debug.c index 33699ff..f975866 100644 --- a/lnet/utils/debug.c +++ b/lnet/utils/debug.c 
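Review bot: The new error path in lstcon_batch_add frees both hash tables with `LIBCFS_FREE(bat->bat_srv_hash, LST_NODE_HASHSIZE)` and `LIBCFS_FREE(bat->bat_cli_hash, LST_NODE_HASHSIZE)`, passing what looks like an element count where a byte size is expected. The lstcon_group_alloc hunk uses LST_NODE_HASHSIZE as an array length, and the `bat` free on the next line passes `sizeof(lstcon_batch_t)`. The matching allocations are outside the hunk, so the size expression should be confirmed against them. Checking `strlen(name)` at the top of the function, before anything is allocated, would remove the need for this three-step unwind.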
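Review bot: The `-E2BIG` return in lstcon_session_new comes after `console_session.ses_feats_updated` and `console_session.ses_timeout` have already been assigned, so a rejected name leaves the global session partly rewritten. Whatever else the function sets before this point is outside the hunk. The safer order is to validate `name` before any field of console_session is touched, by moving `if (strlen(name) > sizeof(console_session.ses_name)-1) return -E2BIG;` to the start of the function.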
@@ -585,11 +585,21 @@ int jt_dbg_debug_kernel(int argc, char **argv) /* If we are dumping raw (which means no conversion step to ASCII) * then dump directly to any supplied filename, otherwise this is * just a temp file and we dump to the real file at convert time. */ - if (argc > 1 && raw) - strcpy(filename, argv[1]); - else - sprintf(filename, "%s"CFS_TIME_T".%u", - LIBCFS_DEBUG_FILE_PATH_DEFAULT, time(NULL), getpid()); + if (argc > 1 && raw) { + if (strlen(argv[1]) > sizeof(filename)-1) { + fprintf(stderr, "File name too long: %s\n", argv[1]); + return 1; + } + strncpy(filename, argv[1], sizeof(filename)); + } else { + if (snprintf(filename, sizeof(filename), "%s"CFS_TIME_T".%u", + LIBCFS_DEBUG_FILE_PATH_DEFAULT, time(NULL), + getpid()) >= + sizeof(filename)) { + fprintf(stderr, "File name too long\n"); + return 1; + } + } if (stat(filename, &st) == 0 && S_ISREG(st.st_mode)) unlink(filename); diff --git a/lustre/mgs/mgs_llog.c b/lustre/mgs/mgs_llog.c index 8e40891..fb9ae68 100644 --- a/lustre/mgs/mgs_llog.c +++ b/lustre/mgs/mgs_llog.c @@ -693,8 +693,14 @@ static int mgs_modify(const struct lu_env *env, struct mgs_device *mgs, OBD_ALLOC_PTR(mml); if (!mml) GOTO(out_close, rc = -ENOMEM); - strcpy(mml->mml_marker.cm_comment, comment); - strcpy(mml->mml_marker.cm_tgtname, devname); + if (strlcpy(mml->mml_marker.cm_comment, comment, + sizeof(mml->mml_marker.cm_comment)) >= + sizeof(mml->mml_marker.cm_comment)) + GOTO(out_close, rc = -E2BIG); + if (strlcpy(mml->mml_marker.cm_tgtname, devname, + sizeof(mml->mml_marker.cm_tgtname)) >= + sizeof(mml->mml_marker.cm_tgtname)) + GOTO(out_close, rc = -E2BIG); /* Modify mostly means cancel */ mml->mml_marker.cm_flags = flags; mml->mml_marker.cm_canceltime = flags ? cfs_time_current_sec() : 0; diff --git a/lustre/ptlrpc/nrs.c b/lustre/ptlrpc/nrs.c index a023a05..069f6a0 100644 --- a/lustre/ptlrpc/nrs.c +++ b/lustre/ptlrpc/nrs.c 
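Review bot: Both new `GOTO(out_close, rc = -E2BIG)` exits in mgs_modify are taken after `OBD_ALLOC_PTR(mml)` has succeeded, and nothing on that path frees `mml`. The out_close label is outside the hunk, but the allocation-failure exit just above jumps to the same label, which suggests it does not release `mml`; if so, an over-long comment or devname leaks it. The nrs.c and sec_config.c hunks in this patch free their object before bailing out. The same is needed here: call `OBD_FREE_PTR(mml);` before each GOTO, or add an `out_free:` label ahead of out_close.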
@@ -1194,7 +1194,11 @@ int ptlrpc_nrs_policy_register(struct ptlrpc_nrs_pol_conf *conf) if (desc == NULL) GOTO(fail, rc = -ENOMEM); - strncpy(desc->pd_name, conf->nc_name, NRS_POL_NAME_MAX); + if (strlcpy(desc->pd_name, conf->nc_name, sizeof(desc->pd_name)) >= + sizeof(desc->pd_name)) { + OBD_FREE_PTR(desc); + GOTO(fail, rc = -E2BIG); + } desc->pd_ops = conf->nc_ops; desc->pd_compat = conf->nc_compat; desc->pd_compat_svc_name = conf->nc_compat_svc_name; diff --git a/lustre/ptlrpc/sec_config.c b/lustre/ptlrpc/sec_config.c index ee2c277..75b71d5 100644 --- a/lustre/ptlrpc/sec_config.c +++ b/lustre/ptlrpc/sec_config.c @@ -619,7 +619,11 @@ struct sptlrpc_conf *sptlrpc_conf_get(const char *fsname, if (conf == NULL) return NULL; - strcpy(conf->sc_fsname, fsname); + if (strlcpy(conf->sc_fsname, fsname, sizeof(conf->sc_fsname)) >= + sizeof(conf->sc_fsname)) { + OBD_FREE_PTR(conf); + return NULL; + } sptlrpc_rule_set_init(&conf->sc_rset); CFS_INIT_LIST_HEAD(&conf->sc_tgts); cfs_list_add(&conf->sc_list, &sptlrpc_confs); diff --git a/lustre/utils/lfs.c b/lustre/utils/lfs.c index c701181..fd7fd00 100644 --- a/lustre/utils/lfs.c +++ b/lustre/utils/lfs.c @@ -408,7 +408,11 @@ static int lfs_migrate(char *name, unsigned long long stripe_size, } /* search for file directory pathname */ - strcpy(parent, name); + if (strlen(name) > sizeof(parent)-1) { + rc = -E2BIG; + goto free; + } + strncpy(parent, name, sizeof(parent)); ptr = strrchr(parent, '/'); if (ptr == NULL) { if (getcwd(parent, sizeof(parent)) == NULL) { 
@@ -1116,20 +1120,24 @@ static int lfs_find(int argc, char **argv) param.obduuid = tmp; } for (token = buf; token && *token; token = next) { - char *uuid; - if (c == 'm') - uuid = - param.mdtuuid[param.num_mdts++].uuid; - else - uuid = - param.obduuid[param.num_obds++].uuid; + struct obd_uuid *puuid; + if (c == 'm') { + puuid = + ¶m.mdtuuid[param.num_mdts++]; + } else { + puuid = + ¶m.obduuid[param.num_obds++]; + } p = strchr(token, ','); next = 0; if (p) { *p = 0; next = p+1; } - strcpy((char *)uuid, token); + if (strlen(token) > sizeof(puuid->uuid)-1) + GOTO(err_free, ret = -E2BIG); + strncpy(puuid->uuid, token, + sizeof(puuid->uuid)); } err_free: if (buf) @@ -3532,8 +3540,13 @@ static int lfs_hsm_request(int argc, char **argv, int action) hur->hur_request.hr_flags = 0; /* All remaining args are files, add them */ - if (nbfile != 0) - strcpy(some_file, argv[optind]); + if (nbfile != 0) { + if (strlen(argv[optind]) > sizeof(some_file)-1) { + free(hur); + return -E2BIG; + } + strncpy(some_file, argv[optind], sizeof(some_file)); + } for (i = 0; i < nbfile; i++) { hur->hur_user_item[i].hui_extent.length = -1; diff --git a/lustre/utils/liblustreapi.c b/lustre/utils/liblustreapi.c index 015036d..3051bdf 100644 --- a/lustre/utils/liblustreapi.c +++ b/lustre/utils/liblustreapi.c @@ -416,7 +416,12 @@ static int get_param_obdvar(const char *fsname, const char *file_path, return rc; } } else if (fsname) { - strcpy(fs, fsname); + if (strlen(fsname) > sizeof(fs)-1) { + if (fp != NULL) + fclose(fp); + return -E2BIG; + } + strncpy(fs, fsname, sizeof(fs)); } if (fp == NULL) { @@ -436,7 +441,11 @@ static int get_param_obdvar(const char *fsname, const char *file_path, tmp += strlen(obd_type) + 1; if (strcmp(tmp, fs)) continue; - strcpy(dev, tmp); + if (strlen(tmp) > sizeof(dev)-1) { + fclose(fp); + return -E2BIG; + } + strncpy(dev, tmp, sizeof(dev)); tmp = strchr(dev, ' '); if (tmp != NULL) *tmp = '\0'; 
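Review bot: In lfs_find the array slot is claimed with `param.num_mdts++` or `param.num_obds++` before the token length is checked. When the `GOTO(err_free, ret = -E2BIG)` path is taken, the counter already includes an entry whose `uuid` was never written. Test `strlen(token)` before taking the slot, or undo the increment on the error path. What the code after err_free does with `param` is outside the hunk, so it is not clear from here whether the stale count is ever read.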
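Review bot: In the second get_param_obdvar hunk (at -436) the test `strlen(tmp) > sizeof(dev)-1` measures the whole remainder of the line, but the lines that follow cut `dev` at the first space. A device name that would fit is therefore rejected with `-E2BIG` whenever the trailing fields push the remainder over the buffer size. Measuring only the wanted token avoids that: take `len = strcspn(tmp, " ")`, compare `len` with `sizeof(dev)-1`, then `memcpy(dev, tmp, len); dev[len] = '\0';`. The declaration of `dev` and the format of the lines being parsed are outside the hunk, so how often this triggers in practice needs confirming.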
@@ -1193,10 +1202,14 @@ int llapi_get_poollist(const char *name, char **poollist, int list_size, " a Lustre filesystem", name); return rc; } - strcpy(fsname, rname); + if (strlen(rname) > sizeof(fsname)-1) + return -E2BIG; + strncpy(fsname, rname, sizeof(fsname)); } else { /* name is FSNAME */ - strcpy(fsname, name); + if (strlen(name) > sizeof(fsname)-1) + return -E2BIG; + strncpy(fsname, name, sizeof(fsname)); rc = poolpath(fsname, NULL, pathname); } if (rc != 0) { diff --git a/lustre/utils/ltrack_stats.c b/lustre/utils/ltrack_stats.c index 38f4ada..4984a46 100644 --- a/lustre/utils/ltrack_stats.c +++ b/lustre/utils/ltrack_stats.c @@ -45,7 +45,7 @@ #include #include #include - +#include #define TRACK_BY_GID 0 #define TRACK_BY_PPID 1 @@ -66,14 +66,10 @@ #define LEN_CLIENT 1024 /* size of output of llstat command we read at a time */ -#define MAX 1024 - -/* max strlen of outfile we get on command line */ -#define LEN_OUT 1024 +#define LLSTAT_READ_SIZE 1024 /* Length of command given on command line */ #define COMM_LEN 4096 -pid_t llstat[1024]; /* print usage */ void print_usage() @@ -200,12 +196,12 @@ void check_llstat() pid_t fork_llstat_command(char* llstat_file,char* stats_path) { - char truncate_command[100]; - char llstat_command[LEN_LLSTAT]; - pid_t pid_llstat_command; - FILE *fp_popen, *fp_out; - char buffer[MAX]; - int ret; + char truncate_command[100]; + char llstat_command[LEN_LLSTAT]; + pid_t pid_llstat_command; + FILE *fp_popen, *fp_out; + char buffer[LLSTAT_READ_SIZE]; + int ret; /* Truncating llstat output file as it will be opened in while * loop to append output */ 
@@ -236,37 +232,37 @@ pid_t fork_llstat_command(char* llstat_file,char* stats_path) "\"%s\"n", llstat_command); exit(1); } - while (fgets(buffer, 1024, fp_popen) != NULL) { - /* Following code should be in while loop as llstat - * will keep on sending output each second and will - * not exit on itself. It will be killed when we finsh - * with our command so we must make the output file - * consistent after writing each 1024 bytes chunk */ - - /* opening file where llstat will write its output */ - fp_out = fopen(llstat_file, "a"); - if (!fp_out) { - fprintf(stderr, "Error: Couldn't open llstat" - "outfile file: %s\n", - llstat_file); - exit(1); - } - /* fgets reads the popen output and fprintf writes it to - * output file */ - - if (fputs(buffer, fp_out) == EOF) { - fprintf(stderr, "Error: Couldn't write output" - "of llstat to out file\n"); - exit(1); - } - - /* closing file opened for storing llstat's output */ - if (fclose(fp_out)) { - fprintf(stderr, "Error: Couldn't close llstat" - "outfile: %s\n", llstat_file); - exit(1); - } - } + while (fgets(buffer, LLSTAT_READ_SIZE, fp_popen) != NULL) { + /* Following code should be in while loop as llstat + * will keep on sending output each second and will + * not exit on itself. 
It will be killed when we finsh + * with our command so we must make the output file + * consistent after writing each 1024 bytes chunk */ + + /* opening file where llstat will write its output */ + fp_out = fopen(llstat_file, "a"); + if (!fp_out) { + fprintf(stderr, "Error: Couldn't open llstat" + "outfile file: %s\n", + llstat_file); + exit(1); + } + /* fgets reads the popen output and fprintf writes it to + * output file */ + + if (fputs(buffer, fp_out) == EOF) { + fprintf(stderr, "Error: Couldn't write output" + "of llstat to out file\n"); + exit(1); + } + + /* closing file opened for storing llstat's output */ + if (fclose(fp_out)) { + fprintf(stderr, "Error: Couldn't close llstat" + "outfile: %s\n", llstat_file); + exit(1); + } + } /* closing popen for llstat */ if (pclose(fp_popen) < 0) { fprintf(stderr, "Error: Couldn't pclos" @@ -453,12 +449,13 @@ int main(int argc, char **argv) while ((c = getopt(argc, argv, "l:g:c:i:a:h")) != 1) switch (c) { case 'l': - strcpy(llstat_file, optarg); - if (strlen(llstat_file) > LEN_OUT) { + if (strlen(optarg) > sizeof(llstat_file)-1) { fprintf(stderr, "length of outfile file" " is too long\n"); exit(1); - } + } + strncpy(llstat_file, optarg, + sizeof(llstat_file)); break; /* When any value is written to vfs_track_gid, then VFS @@ -467,7 +464,9 @@ int main(int argc, char **argv) * write_track_xid writes given in vfs_track_gid * here. */ case 'g': - strcpy(gid_string, optarg); + if (strlen(optarg) > sizeof(gid_string)-1) + return -E2BIG; + strncpy(gid_string, optarg, sizeof(gid_string)); get_command_from_argv(optind, argc, argv, "", command); gid = atoi(gid_string); diff --git a/lustre/utils/lustre_cfg.c b/lustre/utils/lustre_cfg.c index 1c9ed42..ab5a68f 100644 --- a/lustre/utils/lustre_cfg.c +++ b/lustre/utils/lustre_cfg.c 
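Review bot: The `-g` branch in main rejects an over-long argument with a bare `return -E2BIG;`, while the `-l` branch just above prints a message and calls `exit(1)`. A negative return from main reaches the shell only as its low 8 bits, and the user gets no explanation. Handling it like the `-l` case, with `fprintf(stderr, "gid string is too long\n"); exit(1);`, keeps the option handling consistent.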
@@ -900,7 +900,13 @@ static int getparam_display(struct param_opts *popt, char *pattern) /* As listparam_display is used to show param name (with type), * here "if (only_path)" is ignored.*/ if (popt->po_show_path) { - strcpy(filename, glob_info.gl_pathv[i]); + if (strlen(glob_info.gl_pathv[i]) > + sizeof(filename)-1) { + free(buf); + return -E2BIG; + } + strncpy(filename, glob_info.gl_pathv[i], + sizeof(filename)); valuename = display_name(filename, 0); } @@ -1029,7 +1035,10 @@ static int setparam_display(struct param_opts *popt, char *pattern, char *value) char *valuename = NULL; if (popt->po_show_path) { - strcpy(filename, glob_info.gl_pathv[i]); + if (strlen(glob_info.gl_pathv[i]) > sizeof(filename)-1) + return -E2BIG; + strncpy(filename, glob_info.gl_pathv[i], + sizeof(filename)); valuename = display_name(filename, 0); if (valuename) printf("%s=%s\n", valuename, value); diff --git a/lustre/utils/lustre_rsync.c b/lustre/utils/lustre_rsync.c index 0947551..77f213d 100644 --- a/lustre/utils/lustre_rsync.c +++ b/lustre/utils/lustre_rsync.c @@ -633,13 +633,23 @@ int lr_add_pc(const char *pfid, const char *tfid, const char *name) p = calloc(1, sizeof(*p)); if (!p) return -ENOMEM; - strcpy(p->pc_log.pcl_pfid, pfid); - strcpy(p->pc_log.pcl_tfid, tfid); - strcpy(p->pc_log.pcl_name, name); + if (strlen(pfid) > sizeof(p->pc_log.pcl_pfid)-1) + goto out_err; + strncpy(p->pc_log.pcl_pfid, pfid, sizeof(p->pc_log.pcl_pfid)); + if (strlen(tfid) > sizeof(p->pc_log.pcl_tfid)-1) + goto out_err; + strncpy(p->pc_log.pcl_tfid, tfid, sizeof(p->pc_log.pcl_tfid)); + if (strlen(name) > sizeof(p->pc_log.pcl_name)-1) + goto out_err; + strncpy(p->pc_log.pcl_name, name, sizeof(p->pc_log.pcl_name)); p->pc_next = parents; parents = p; return 0; + +out_err: + free(p); + return -E2BIG; } void lr_cascade_move(const char *fid, const char *dest, struct lr_info *info) diff --git a/lustre/utils/mount_lustre.c b/lustre/utils/mount_lustre.c index c8fe8a6..20abe44 100644 
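Review bot: The new early returns in getparam_display and setparam_display (hunk at -1029) leave the function while `glob_info` is still populated. getparam_display frees `buf`, but neither path calls `globfree(&glob_info)`. The glob() call and the normal cleanup are outside the hunk, so confirm how the regular exit releases it. If it uses globfree, the `-E2BIG` paths should set `rc = -E2BIG` and `break` out of the loop to the common cleanup instead of returning directly.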
--- a/lustre/utils/mount_lustre.c +++ b/lustre/utils/mount_lustre.c @@ -324,7 +324,12 @@ static int clear_update_ondisk(char *source, struct lustre_disk_data *ldd) memset(&mkop, 0, sizeof(mkop)); mkop.mo_ldd = *ldd; mkop.mo_ldd.ldd_flags &= ~LDD_F_UPDATE; - strcpy(mkop.mo_device, source); + if (strlen(source) > sizeof(mkop.mo_device)-1) { + fatal(); + fprintf(stderr, "Device name too long: %s\n", source); + return -E2BIG; + } + strncpy(mkop.mo_device, source, sizeof(mkop.mo_device)); ret = osd_prepare_lustre(&mkop, default_mountopts, sizeof(default_mountopts), diff --git a/lustre/utils/mount_utils_ldiskfs.c b/lustre/utils/mount_utils_ldiskfs.c index 4c75200..728c349 100644 --- a/lustre/utils/mount_utils_ldiskfs.c +++ b/lustre/utils/mount_utils_ldiskfs.c @@ -1130,9 +1130,17 @@ static char *absolute_path(char *devname) return NULL; } strcat(buf, "/"); - strcat(buf, devname); + if (strlen(devname) > sizeof(buf)-strlen(buf)-1) { + free(path); + return NULL; + } + strncat(buf, devname, sizeof(buf)-strlen(buf)-1); } else { - strcpy(buf, devname); + if (strlen(devname) > sizeof(buf)-1) { + free(path); + return NULL; + } + strncpy(buf, devname, sizeof(buf)); } /* truncate filename before calling realpath */ ptr = strrchr(buf, '/'); diff --git a/lustre/utils/obd.c b/lustre/utils/obd.c index ca2aec8..d3660e6 100644 --- a/lustre/utils/obd.c +++ b/lustre/utils/obd.c @@ -3240,7 +3240,9 @@ static int check_and_complete_ostname(char *fsname, char *ostname) ostname, fsname); return -EINVAL; } else { - strcpy(real_ostname, ostname); + if (strlen(ostname) > sizeof(real_ostname)-1) + return -E2BIG; + strncpy(real_ostname, ostname, sizeof(real_ostname)); } /* real_ostname is fsname-????? */ ptr = real_ostname + strlen(fsname) + 1; 
@@ -3715,15 +3717,24 @@ int jt_changelog_register(int argc, char **argv) } obd_ioctl_unpack(&data, buf, sizeof(rawbuf)); - if (data.ioc_u32_1 == 0) { - fprintf(stderr, "received invalid userid!\n"); - return EPROTO; - } + if (data.ioc_u32_1 == 0) { + fprintf(stderr, "received invalid userid!\n"); + return -EPROTO; + } - if (lcfg_get_devname() != NULL) - strcpy(devname, lcfg_get_devname()); - else - sprintf(devname, "dev %d", cur_device); + if (lcfg_get_devname() != NULL) { + if (strlen(lcfg_get_devname()) > sizeof(devname)-1) { + fprintf(stderr, "Dev name too long\n"); + return -E2BIG; + } + strncpy(devname, lcfg_get_devname(), sizeof(devname)); + } else { + if (snprintf(devname, sizeof(devname), "dev %d", cur_device) >= + sizeof(devname)) { + fprintf(stderr, "Dev name too long\n"); + return -E2BIG; + } + } if (argc == 2) /* -n means bare name */ @@ -3771,17 +3782,26 @@ int jt_changelog_deregister(int argc, char **argv) } obd_ioctl_unpack(&data, buf, sizeof(rawbuf)); - if (data.ioc_u32_1 != id) { - fprintf(stderr, "No changelog user '%s'. Blocking user" - " is '"CHANGELOG_USER_PREFIX"%d'.\n", argv[1], - data.ioc_u32_1); - return ENOENT; - } + if (data.ioc_u32_1 != id) { + fprintf(stderr, "No changelog user '%s'. Blocking user" + " is '"CHANGELOG_USER_PREFIX"%d'.\n", argv[1], + data.ioc_u32_1); + return -ENOENT; + } - if (lcfg_get_devname() != NULL) - strcpy(devname, lcfg_get_devname()); - else - sprintf(devname, "dev %d", cur_device); + if (lcfg_get_devname() != NULL) { + if (strlen(lcfg_get_devname()) > sizeof(devname)-1) { + fprintf(stderr, "Dev name too long\n"); + return -E2BIG; + } + strncpy(devname, lcfg_get_devname(), sizeof(devname)); + } else { + if (snprintf(devname, sizeof(devname), "dev %d", cur_device) >= + sizeof(devname)) { + fprintf(stderr, "Dev name too long\n"); + return -E2BIG; + } + } printf("%s: Deregistered changelog user '"CHANGELOG_USER_PREFIX"%d'\n", devname, data.ioc_u32_1); -- 1.8.3.1
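Review bot: In jt_changelog_register, and again in jt_changelog_deregister (hunk at -3771), `lcfg_get_devname()` is called three times: for the NULL test, for `strlen`, and as the `strncpy` source. The length check only protects the copy if all three calls return the same string. Holding the result in a local, `const char *name = lcfg_get_devname();`, makes that explicit and drops two calls. Separately, both hunks change `return EPROTO` and `return ENOENT` to the negated values, which alters the commands' return codes and is not mentioned in the commit message.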