From dd5ab40204b1d78ec3bdbcfd5a38a8ffb72bdb50 Mon Sep 17 00:00:00 2001
From: Kinga Tanska <kinga.tanska@intel.com>
Date: Thu, 11 May 2023 04:55:12 +0200
Subject: [PATCH 139/165] Fix unsafe string functions
Add string length limitations where necessary to
avoid buffer overflows.
Signed-off-by: Kinga Tanska <kinga.tanska@intel.com>
Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
---
mdmon.c | 6 +++---
mdopen.c | 4 ++--
platform-intel.c | 2 +-
super-intel.c | 6 +++---
4 files changed, 9 insertions(+), 9 deletions(-)
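diff --git a/mdmon.c b/mdmon.c
index cef5bbc8..a2038fe6 100644
--- a/mdmon.c
+++ b/mdmon.c
@@ -240,7 +240,7 @@ static int make_control_sock(char *devname)
 return -1;
 
 addr.sun_family = PF_LOCAL;
- strcpy(addr.sun_path, path);
+ snprintf(addr.sun_path, sizeof(addr.sun_path), "%s", path);
 umask(077); /* ensure no world write access */
 if (bind(sfd, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
 close(sfd);
@@ -389,7 +389,7 @@ int main(int argc, char *argv[])
 
 if (all) {
 struct mdstat_ent *mdstat, *e;
- int container_len = strlen(container_name);
+ int container_len = strnlen(container_name, MD_NAME_MAX);
 
 /* launch an mdmon instance for each container found */
 mdstat = mdstat_read(0, 0);
@@ -472,7 +472,7 @@ static int mdmon(char *devnm, int must_fork, int takeover)
 pfd[0] = pfd[1] = -1;
 
 container = xcalloc(1, sizeof(*container));
- strcpy(container->devnm, devnm);
+ snprintf(container->devnm, MD_NAME_MAX, "%s", devnm);
 container->arrays = NULL;
 container->sock = -1;
 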
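Review bot: The bound in the mdmon() hunk is `MD_NAME_MAX` rather than the destination's own size, so the copy is only safe if `container->devnm` is declared with at least that many bytes, which these lines do not show. Assuming it is an array member, `snprintf(container->devnm, sizeof(container->devnm), "%s", devnm);` ties the limit to the field, as the make_control_sock() hunk already does for `addr.sun_path`. Both calls also discard the return value, so an over-long name is silently truncated and the socket path or container would then refer to a different name than the caller passed; comparing the result with the buffer size and failing would make that visible. All three functions continue outside their hunks.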
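diff --git a/mdopen.c b/mdopen.c
index d3022a54..3daa71f9 100644
--- a/mdopen.c
+++ b/mdopen.c
@@ -193,14 +193,14 @@ int create_mddev(char *dev, char *name, int autof, int trustworthy,
 
 if (dev) {
 if (strncmp(dev, DEV_MD_DIR, DEV_MD_DIR_LEN) == 0) {
- strcpy(cname, dev + DEV_MD_DIR_LEN);
+ snprintf(cname, MD_NAME_MAX, "%s", dev + DEV_MD_DIR_LEN);
 } else if (strncmp(dev, "/dev/", 5) == 0) {
 char *e = dev + strlen(dev);
 while (e > dev && isdigit(e[-1]))
 e--;
 if (e[0])
 num = strtoul(e, NULL, 10);
- strcpy(cname, dev+5);
+ snprintf(cname, MD_NAME_MAX, "%s", dev + 5);
 cname[e-(dev+5)] = 0;
 /* name *must* be mdXX or md_dXX in this context */
 if (num < 0 ||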
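Review bot: The terminator store `cname[e-(dev+5)] = 0;` after the second snprintf still uses an index computed from the full length of `dev`, so when `dev + 5` is longer than the buffer the copy is truncated but this write can land past the end of `cname`. Rejecting over-long names before the copy closes that, for example `if (strlen(dev + 5) >= sizeof(cname))` followed by the function's usual error return. Both calls pass `MD_NAME_MAX` as the bound; `cname` is declared outside the hunk, so whether that constant matches its size cannot be confirmed here, and `sizeof(cname)` would remove the doubt if it is a local array.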
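diff --git a/platform-intel.c b/platform-intel.c
index 914164c0..eb6e1b7e 100644
--- a/platform-intel.c
+++ b/platform-intel.c
@@ -214,7 +214,7 @@ struct sys_dev *device_by_id_and_path(__u16 device_id, const char *path)
 
 static int devpath_to_ll(const char *dev_path, const char *entry, unsigned long long *val)
 {
- char path[strlen(dev_path) + strlen(entry) + 2];
+ char path[strnlen(dev_path, PATH_MAX) + strnlen(entry, PATH_MAX) + 2];
 int fd;
 int n;
 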
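Review bot: Capping the two lengths with `strnlen(..., PATH_MAX)` makes the variable-length array smaller than the strings whenever either input exceeds PATH_MAX, so if the code below this hunk still formats the full `dev_path` and `entry` into `path`, the change can introduce an overflow that the exact-size `strlen` version did not have. The array can also still reach about twice PATH_MAX bytes of stack. A fixed `char path[PATH_MAX];` filled through `snprintf(path, sizeof(path), ...)` with the result checked for truncation would bound both the buffer and the write. The formatting call is outside the hunk, so how `path` is filled is an assumption to confirm.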
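diff --git a/super-intel.c b/super-intel.c
index 824c1356..ce813172 100644
--- a/super-intel.c
+++ b/super-intel.c
@@ -7043,7 +7043,7 @@ active_arrays_by_format(char *name, char* hba, struct md_list **devlist,
 int fd = -1;
 while (dev && !is_fd_valid(fd)) {
 char *path = xmalloc(strlen(dev->name) + strlen("/dev/") + 1);
- num = sprintf(path, "%s%s", "/dev/", dev->name);
+ num = snprintf(path, PATH_MAX, "%s%s", "/dev/", dev->name);
 if (num > 0)
 fd = open(path, O_RDONLY, 0);
 if (num <= 0 || !is_fd_valid(fd)) {
@@ -7935,7 +7935,7 @@ static int kill_subarray_imsm(struct supertype *st, char *subarray_id)
 
 if (i < current_vol)
 continue;
- sprintf(subarray, "%u", i);
+ snprintf(subarray, sizeof(subarray), "%u", i);
 if (is_subarray_active(subarray, st->devnm)) {
 pr_err("deleting subarray-%d would change the UUID of active subarray-%d, aborting\n",
 current_vol, i);
@@ -11308,7 +11308,7 @@ static const char *imsm_get_disk_controller_domain(const char *path)
 char *drv=NULL;
 struct stat st;
 
- strcpy(disk_path, disk_by_path);
+ strncpy(disk_path, disk_by_path, PATH_MAX);
 strncat(disk_path, path, PATH_MAX - strlen(disk_path) - 1);
 if (stat(disk_path, &st) == 0) {
 struct sys_dev* hba;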
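Review bot: In imsm_get_disk_controller_domain(), `strncpy(disk_path, disk_by_path, PATH_MAX)` leaves `disk_path` without a terminating NUL when the source is PATH_MAX bytes or longer, and the `strlen(disk_path)` inside the following `strncat` depends on that terminator. A single `snprintf(disk_path, PATH_MAX, "%s%s", disk_by_path, path)` with the result compared against PATH_MAX would replace both lines and always terminate, assuming `disk_path` is PATH_MAX bytes as the strncat arithmetic suggests. In active_arrays_by_format(), the buffer is allocated with `strlen(dev->name) + strlen("/dev/") + 1` bytes while snprintf is told PATH_MAX, so the bound does not describe the buffer; keeping the allocation size in a variable and passing it to snprintf would. The declarations of `disk_path` and `disk_by_path` are outside the hunk.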
--
2.40.1