From mboxrd@z Thu Jan 1 00:00:00 1970 From: Fabio M. Di Nitto Date: Wed, 23 Nov 2011 11:15:41 +0100 Subject: [Cluster-devel] [PATCH 22/41] cman: fix several virtually impossible buffer overflows In-Reply-To: <1322043360-17037-1-git-send-email-fdinitto@redhat.com> References: <1322043360-17037-1-git-send-email-fdinitto@redhat.com> Message-ID: <2c3aad52b6fea7c5bfef5c29aa070adabe5f34a3.1322043045.git.fdinitto@redhat.com> List-Id: To: cluster-devel.redhat.com MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Spotted by Coverity Scan Signed-off-by: Fabio M. Di Nitto --- :100644 100644 6b5640a... ea5020c... M cman/daemon/ais.c :100644 100644 37283ba... c356abe... M cman/daemon/barrier.c :100644 100644 d632c17... baf94df... M cman/daemon/cman-preconfig.c :100644 100644 d3009d0... 7eb52e4... M cman/daemon/cmanconfig.c :100644 100644 6b61332... f397234... M cman/daemon/commands.c cman/daemon/ais.c | 2 +- cman/daemon/barrier.c | 6 +- cman/daemon/cman-preconfig.c | 114 +++++++++++++++++++++--------------------- cman/daemon/cmanconfig.c | 2 +- cman/daemon/commands.c | 18 +++--- 5 files changed, 71 insertions(+), 71 deletions(-) diff --git a/cman/daemon/ais.c b/cman/daemon/ais.c index 6b5640a..ea5020c 100644 --- a/cman/daemon/ais.c +++ b/cman/daemon/ais.c @@ -213,7 +213,7 @@ static int cman_exec_init_fn(struct corosync_api_v1 *api) cman_init(api); /* Let cman_tool know we are running and our PID */ - sprintf(pipe_msg,"SUCCESS: %d", getpid()); + snprintf(pipe_msg, sizeof(pipe_msg) - 1,"SUCCESS: %d", getpid()); write_cman_pipe(pipe_msg); close(startup_pipe); startup_pipe = 0; diff --git a/cman/daemon/barrier.c b/cman/daemon/barrier.c index 37283ba..c356abe 100644 --- a/cman/daemon/barrier.c +++ b/cman/daemon/barrier.c @@ -101,7 +101,7 @@ static void check_barrier_complete_phase1(struct cl_barrier *barrier) bmsg.cmd = CLUSTER_MSG_BARRIER; bmsg.subcmd = BARRIER_COMPLETE; - strcpy(bmsg.name, barrier->name); + strncpy(bmsg.name, barrier->name, MAX_BARRIER_NAME_LEN - 1); log_printf(LOGSYS_LEVEL_DEBUG, "barrier: Sending COMPLETE for %s\n", barrier->name); comms_send_message((char *) &bmsg, sizeof (bmsg), @@ -160,7 +160,7 @@ static struct cl_barrier *alloc_barrier(char *name, int nodes) } memset(barrier, 0, sizeof (*barrier)); - strcpy(barrier->name, name); + strncpy(barrier->name, name, MAX_BARRIER_NAME_LEN - 1); barrier->flags = 0; barrier->expected_nodes = nodes; barrier->got_nodes = 0; @@ -268,7 +268,7 @@ static int barrier_setattr_enabled(struct cl_barrier *barrier, /* Send it to the rest of the cluster */ bmsg.cmd = CLUSTER_MSG_BARRIER; bmsg.subcmd = BARRIER_WAIT; - strcpy(bmsg.name, barrier->name); + strncpy(bmsg.name, barrier->name, MAX_BARRIER_NAME_LEN - 1); barrier->waitsent = 1; barrier->phase = 1; diff --git a/cman/daemon/cman-preconfig.c b/cman/daemon/cman-preconfig.c index d632c17..baf94df 100644 --- a/cman/daemon/cman-preconfig.c +++ b/cman/daemon/cman-preconfig.c @@ -302,14 +302,14 @@ static int add_ifaddr(struct objdb_iface_ver0 *objdb, char *mcast, char *ifaddr, /* Check the families match */ if (address_family(mcast, &mcast_addr, 0) != address_family(ifaddr, &if_addr, mcast_addr.ss_family)) { - sprintf(error_reason, "Node address family does not match multicast address family"); + snprintf(error_reason, sizeof(error_reason) - 1, "Node address family does not match multicast address family"); return -1; } /* Check it's not bound to localhost, sigh */ get_localhost(if_addr.ss_family, &localhost); if (ipaddr_equal(&localhost, &if_addr)) { - sprintf(error_reason, "Node name resolves to localhost, please check /etc/hosts and assign this node a network IP address"); + snprintf(error_reason, sizeof(error_reason) - 1, "Node name resolves to localhost, please check /etc/hosts and assign this node a network IP address"); return -1; } @@ -325,7 +325,7 @@ static int add_ifaddr(struct objdb_iface_ver0 *objdb, char *mcast, char *ifaddr, objdb->object_key_create_typed(totem_object_handle, "transport", tx_mech_to_str[transport], strlen(tx_mech_to_str[transport]) + 1, OBJDB_VALUETYPE_STRING); } else { - sprintf(error_reason, "Transport should not be specified within , use instead"); + snprintf(error_reason, sizeof(error_reason) - 1, "Transport should not be specified within , use instead"); return -1; } } @@ -336,7 +336,7 @@ static int add_ifaddr(struct objdb_iface_ver0 *objdb, char *mcast, char *ifaddr, struct sockaddr_in6 *in6= (struct sockaddr_in6 *)&if_addr; void *addrptr; - sprintf(tmp, "%d", num_interfaces); + snprintf(tmp, sizeof(tmp) - 1, "%d", num_interfaces); objdb->object_key_create_typed(interface_object_handle, "ringnumber", tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING); @@ -363,19 +363,19 @@ static int add_ifaddr(struct objdb_iface_ver0 *objdb, char *mcast, char *ifaddr, break; } - sprintf(tmp, "%d", port); + snprintf(tmp, sizeof(tmp) - 1, "%d", port); objdb->object_key_create_typed(interface_object_handle, "mcastport", tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING); /* paranoia check. corosync already does it */ if ((ttl < 0) || (ttl > 255)) { - sprintf(error_reason, "TTL value (%u) out of range (0 - 255)", ttl); + snprintf(error_reason, sizeof(error_reason) - 1, "TTL value (%u) out of range (0 - 255)", ttl); return -1; } /* add the key to the objdb only if value is not default */ if (ttl != 1) { - sprintf(tmp, "%d", ttl); + snprintf(tmp, sizeof(tmp) - 1, "%d", ttl); objdb->object_key_create_typed(interface_object_handle, "ttl", tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING); } @@ -412,7 +412,7 @@ static char *default_mcast(char *node, int altiface) default a multicast address */ ret = getaddrinfo(node, NULL, &ahints, &ainfo); if (ret) { - sprintf(error_reason, "Can't determine address family of nodename %s\n", node); + snprintf(error_reason, sizeof(error_reason) - 1, "Can't determine address family of nodename %s\n", node); write_cman_pipe("Can't determine address family of nodename"); return NULL; } @@ -448,13 +448,13 @@ static int verify_nodename(struct objdb_iface_ver0 *objdb, char *node) return 0; /* If nodename was from uname, try a domain-less version of it */ - strcpy(nodename2, node); + strncpy(nodename2, node, sizeof(nodename2) - 1); dot = strchr(nodename2, '.'); if (dot) { *dot = '\0'; if (nodelist_byname(objdb, cluster_parent_handle, nodename2)) { - strcpy(node, nodename2); + strncpy(node, nodename2, MAX_CLUSTER_MEMBER_NAME_LEN - 1); return 0; } } @@ -466,12 +466,12 @@ static int verify_nodename(struct objdb_iface_ver0 *objdb, char *node) int len; if (objdb_get_string(objdb, nodes_handle, "name", &str)) { - sprintf(error_reason, "Cannot get node name"); + snprintf(error_reason, sizeof(error_reason) - 1, "Cannot get node name"); nodes_handle = nodeslist_next(objdb, find_handle); continue; } - strcpy(nodename3, str); + strncpy(nodename3, str, sizeof(nodename3) - 1); dot = strchr(nodename3, '.'); if (dot) len = dot-nodename3; @@ -480,7 +480,7 @@ static int verify_nodename(struct objdb_iface_ver0 *objdb, char *node) if (strlen(nodename2) == len && !strncmp(nodename2, nodename3, len)) { - strcpy(node, str); + strncpy(node, str, sizeof(nodename) - 1); return 0; } nodes_handle = nodeslist_next(objdb, find_handle); @@ -499,7 +499,7 @@ static int verify_nodename(struct objdb_iface_ver0 *objdb, char *node) socklen_t salen = 0; /* Restore this */ - strcpy(nodename2, node); + strncpy(nodename2, node, sizeof(nodename2) - 1); sa = ifa->ifa_addr; if (!sa) continue; @@ -516,7 +516,7 @@ static int verify_nodename(struct objdb_iface_ver0 *objdb, char *node) if (!error) { if (nodelist_byname(objdb, cluster_parent_handle, nodename2)) { - strcpy(node, nodename2); + strncpy(node, nodename2, sizeof(nodename) - 1); goto out; } @@ -526,7 +526,7 @@ static int verify_nodename(struct objdb_iface_ver0 *objdb, char *node) *dot = '\0'; if (nodelist_byname(objdb, cluster_parent_handle, nodename2)) { - strcpy(node, nodename2); + strncpy(node, nodename2, sizeof(nodename) - 1); goto out; } } @@ -539,7 +539,7 @@ static int verify_nodename(struct objdb_iface_ver0 *objdb, char *node) continue; if (nodelist_byname(objdb, cluster_parent_handle, nodename2)) { - strcpy(node, nodename2); + strncpy(node, nodename2, sizeof(nodename) - 1); goto out; } } @@ -626,16 +626,16 @@ static int get_nodename(struct objdb_iface_ver0 *objdb) /* our nodename */ if (nodename_env != NULL) { if (strlen(nodename_env) >= sizeof(nodename)) { - sprintf(error_reason, "Overridden node name %s is too long", nodename); + snprintf(error_reason, sizeof(error_reason) - 1, "Overridden node name %s is too long", nodename); write_cman_pipe("Overridden node name is too long"); error = -1; goto out; } - strcpy(nodename, nodename_env); + strncpy(nodename, nodename_env, sizeof(nodename) - 1); if (!(node_object_handle = nodelist_byname(objdb, cluster_parent_handle, nodename))) { - sprintf(error_reason, "Overridden node name %s is not in CCS", nodename); + snprintf(error_reason, sizeof(error_reason) - 1, "Overridden node name %s is not in CCS", nodename); write_cman_pipe("Overridden node name is not in CCS"); error = -1; goto out; @@ -646,20 +646,20 @@ static int get_nodename(struct objdb_iface_ver0 *objdb) error = uname(&utsname); if (error) { - sprintf(error_reason, "cannot get node name, uname failed"); + snprintf(error_reason, sizeof(error_reason) - 1, "cannot get node name, uname failed"); write_cman_pipe("Can't determine local node name, uname failed"); error = -1; goto out; } if (strlen(utsname.nodename) >= sizeof(nodename)) { - sprintf(error_reason, "node name from uname is too long"); + snprintf(error_reason, sizeof(error_reason) - 1, "node name from uname is too long"); write_cman_pipe("local node name is too long"); error = -1; goto out; } - strcpy(nodename, utsname.nodename); + strncpy(nodename, utsname.nodename, sizeof(nodename) - 1); } if (verify_nodename(objdb, nodename)) { write_cman_pipe("Cannot find node name in cluster.conf"); @@ -671,7 +671,7 @@ static int get_nodename(struct objdb_iface_ver0 *objdb) /* Add bits to pass down to the main module*/ if ( (node_object_handle = nodelist_byname(objdb, cluster_parent_handle, nodename))) { if (objdb_get_string(objdb, node_object_handle, "nodeid", &nodeid_str)) { - sprintf(error_reason, "This node has no nodeid in cluster.conf"); + snprintf(error_reason, sizeof(error_reason) - 1, "This node has no nodeid in cluster.conf"); write_cman_pipe("This node has no nodeid in cluster.conf"); return -1; } @@ -711,7 +711,7 @@ static int get_nodename(struct objdb_iface_ver0 *objdb) objdb->object_find_destroy(find_handle); if (!nodeid_str) { - sprintf(error_reason, "This node has no nodeid in cluster.conf"); + snprintf(error_reason, sizeof(error_reason) - 1, "This node has no nodeid in cluster.conf"); write_cman_pipe("This node has no nodeid in cluster.conf"); return -1; } @@ -746,7 +746,7 @@ static int get_nodename(struct objdb_iface_ver0 *objdb) if (transport != TX_MECH_UDPB) { transport = TX_MECH_UDPU; } else { - sprintf(error_reason, "Transport and broadcast option are mutually exclusive"); + snprintf(error_reason, sizeof(error_reason) - 1, "Transport and broadcast option are mutually exclusive"); write_cman_pipe("Transport and broadcast option are mutually exclusive"); return -1; } @@ -754,12 +754,12 @@ static int get_nodename(struct objdb_iface_ver0 *objdb) if (transport != TX_MECH_UDPB) { transport = TX_MECH_RDMA; } else { - sprintf(error_reason, "Transport and broadcast option are mutually exclusive"); + snprintf(error_reason, sizeof(error_reason) - 1, "Transport and broadcast option are mutually exclusive"); write_cman_pipe("Transport and broadcast option are mutually exclusive"); return -1; } } else { - sprintf(error_reason, "Transport option value can be one of udp, udpb, udpu, rdma"); + snprintf(error_reason, sizeof(error_reason) - 1, "Transport option value can be one of udp, udpb, udpu, rdma"); write_cman_pipe("Transport option value can be one of udp, udpb, udpu, rdma"); return -1; } @@ -931,7 +931,7 @@ static void add_cman_overrides(struct objdb_iface_ver0 *objdb) objdb->object_key_create_typed(object_handle, "version", "2", 2, OBJDB_VALUETYPE_STRING); - sprintf(tmp, "%d", nodeid); + snprintf(tmp, sizeof(tmp) - 1, "%d", nodeid); objdb->object_key_create_typed(object_handle, "nodeid", tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING); @@ -941,7 +941,7 @@ static void add_cman_overrides(struct objdb_iface_ver0 *objdb) /* Set the token timeout is 10 seconds, but don't overrride anything that might be in cluster.conf */ if (objdb_get_string(objdb, object_handle, "token", &value)) { - snprintf(tmp, sizeof(tmp), "%d", DEFAULT_TOKEN_TIMEOUT); + snprintf(tmp, sizeof(tmp) - 1, "%d", DEFAULT_TOKEN_TIMEOUT); objdb->object_key_create_typed(object_handle, "token", tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING); } @@ -976,7 +976,7 @@ static void add_cman_overrides(struct objdb_iface_ver0 *objdb) if (objdb_get_string(objdb, object_handle, "consensus", &value)) { unsigned int token=0; unsigned int consensus; - char calc_consensus[32]; + char calc_consensus[64]; objdb_get_int(objdb, object_handle, "token", &token, DEFAULT_TOKEN_TIMEOUT); @@ -990,7 +990,7 @@ static void add_cman_overrides(struct objdb_iface_ver0 *objdb) consensus = 2000; } - snprintf(calc_consensus, sizeof(calc_consensus), "%d", consensus); + snprintf(calc_consensus, sizeof(calc_consensus) - 1, "%d", consensus); objdb->object_key_create_typed(object_handle, "consensus", calc_consensus, strlen(calc_consensus)+1, OBJDB_VALUETYPE_STRING); } @@ -1015,7 +1015,7 @@ static void add_cman_overrides(struct objdb_iface_ver0 *objdb) } if (objdb_get_string(objdb, object_handle, "secauth", &value)) { - sprintf(tmp, "%d", 1); + snprintf(tmp, sizeof(tmp) - 1, "%d", 1); objdb->object_key_create_typed(object_handle, "secauth", tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING); } @@ -1067,13 +1067,13 @@ static void add_cman_overrides(struct objdb_iface_ver0 *objdb) { char str[255]; - sprintf(str, "%d", cluster_id); + snprintf(str, sizeof(str) - 1, "%d", cluster_id); objdb->object_key_create_typed(object_handle, "cluster_id", str, strlen(str) + 1, OBJDB_VALUETYPE_STRING); if (two_node) { - sprintf(str, "%d", 1); + snprintf(str, sizeof(str) - 1, "%d", 1); objdb->object_key_create_typed(object_handle, "two_node", str, strlen(str) + 1, OBJDB_VALUETYPE_STRING); } @@ -1118,7 +1118,7 @@ static int set_noccs_defaults(struct objdb_iface_ver0 *objdb) /* Enforce key */ key_filename = strdup(NOCCS_KEY_FILENAME); if (!key_filename) { - sprintf(error_reason, "cannot allocate memory for key file name"); + snprintf(error_reason, sizeof(error_reason) - 1, "cannot allocate memory for key file name"); write_cman_pipe("cannot allocate memory for key file name"); return -1; } @@ -1127,7 +1127,7 @@ static int set_noccs_defaults(struct objdb_iface_ver0 *objdb) cluster_name = strdup(DEFAULT_CLUSTER_NAME); if (!cluster_name) { - sprintf(error_reason, "cannot allocate memory for cluster_name"); + snprintf(error_reason, sizeof(error_reason) - 1, "cannot allocate memory for cluster_name"); write_cman_pipe("cannot allocate memory for cluster_name"); return -1; } @@ -1138,7 +1138,7 @@ static int set_noccs_defaults(struct objdb_iface_ver0 *objdb) else cluster_id = generate_cluster_id(cluster_name); - sprintf(error_reason, "Generated cluster id for '%s' is %d\n", cluster_name, cluster_id); + snprintf(error_reason, sizeof(error_reason) - 1, "Generated cluster id for '%s' is %d\n", cluster_name, cluster_id); } if (!nodename_env) { @@ -1147,14 +1147,14 @@ static int set_noccs_defaults(struct objdb_iface_ver0 *objdb) error = uname(&utsname); if (error) { - sprintf(error_reason, "cannot get node name, uname failed"); + snprintf(error_reason, sizeof(error_reason) - 1, "cannot get node name, uname failed"); write_cman_pipe("Can't determine local node name"); return -1; } nodename_env = (char *)&utsname.nodename; } - strcpy(nodename, nodename_env); + strncpy(nodename, nodename_env, sizeof(nodename) - 1); num_nodenames = 1; if (!mcast_name) { @@ -1179,7 +1179,7 @@ static int set_noccs_defaults(struct objdb_iface_ver0 *objdb) memset(&ahints, 0, sizeof(ahints)); ret = getaddrinfo(nodename, NULL, &ahints, &ainfo); if (ret) { - sprintf(error_reason, "Can't determine address family of nodename %s\n", nodename); + snprintf(error_reason, sizeof(error_reason) - 1, "Can't determine address family of nodename %s\n", nodename); write_cman_pipe("Can't determine address family of nodename"); return -1; } @@ -1203,11 +1203,11 @@ static int set_noccs_defaults(struct objdb_iface_ver0 *objdb) objdb->object_key_create_typed(object_handle, "name", nodename, strlen(nodename)+1, OBJDB_VALUETYPE_STRING); - sprintf(tmp, "%d", votes); + snprintf(tmp, sizeof(tmp) - 1, "%d", votes); objdb->object_key_create_typed(object_handle, "votes", tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING); - sprintf(tmp, "%d", nodeid); + snprintf(tmp, sizeof(tmp) - 1, "%d", nodeid); objdb->object_key_create_typed(object_handle, "nodeid", tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING); @@ -1222,11 +1222,11 @@ static int set_noccs_defaults(struct objdb_iface_ver0 *objdb) objdb->object_create(cluster_parent_handle, &object_handle, "cman", strlen("cman")); } - sprintf(tmp, "%d", cluster_id); + snprintf(tmp, sizeof(tmp) - 1, "%d", cluster_id); objdb->object_key_create_typed(object_handle, "cluster_id", tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING); - sprintf(tmp, "%d", expected_votes); + snprintf(tmp, sizeof(tmp) - 1, "%d", expected_votes); objdb->object_key_create_typed(object_handle, "expected_votes", tmp, strlen(tmp)+1, OBJDB_VALUETYPE_STRING); @@ -1269,7 +1269,7 @@ static int copy_config_tree(struct objdb_iface_ver0 *objdb, hdb_handle_t source_ /* Create sub-objects */ res = objdb->object_find_create(source_object, NULL, 0, &find_handle); if (res) { - sprintf(error_reason, "error resetting object iterator for object %ud: %d\n", (unsigned int)source_object, res); + snprintf(error_reason, sizeof(error_reason) - 1, "error resetting object iterator for object %ud: %d\n", (unsigned int)source_object, res); return -1; } @@ -1310,13 +1310,13 @@ static int get_cman_globals(struct objdb_iface_ver0 *objdb) objdb_get_string(objdb, cluster_parent_handle, "name", &cluster_name); if (!cluster_name) { - sprintf(error_reason, "Unable to determine cluster name.\n"); + snprintf(error_reason, sizeof(error_reason) - 1, "Unable to determine cluster name.\n"); write_cman_pipe("Unable to determine cluster name.\n"); return -1; } if (strlen(cluster_name) > 15) { - sprintf(error_reason, "%s\n", "Invalid cluster name. It must be 15 characters or fewer\n"); + snprintf(error_reason, sizeof(error_reason) - 1, "Invalid cluster name. It must be 15 characters or fewer\n\n"); write_cman_pipe("Invalid cluster name. It must be 15 characters or fewer\n"); return -1; } @@ -1345,7 +1345,7 @@ static int get_cman_globals(struct objdb_iface_ver0 *objdb) else cluster_id = generate_cluster_id(cluster_name); - sprintf(error_reason, "Generated cluster id for '%s' is %d\n", cluster_name, cluster_id); + snprintf(error_reason, sizeof(error_reason) - 1, "Generated cluster id for '%s' is %d\n", cluster_name, cluster_id); } } objdb->object_find_destroy(find_handle); @@ -1363,7 +1363,7 @@ static int cmanpre_reloadconfig(struct objdb_iface_ver0 *objdb, int flush, const /* don't reload if we've been told to run configless */ if (getenv("CMAN_NOCONFIG")) { - sprintf(error_reason, "Config not updated because we were run with cman_tool -X"); + snprintf(error_reason, sizeof(error_reason) - 1, "Config not updated because we were run with cman_tool -X"); ret = 0; goto err; } @@ -1372,12 +1372,12 @@ static int cmanpre_reloadconfig(struct objdb_iface_ver0 *objdb, int flush, const objdb->object_find_create(OBJECT_PARENT_HANDLE, "cluster", strlen("cluster"), &find_handle); objdb->object_find_next(find_handle, &cluster_parent_handle); if (!cluster_parent_handle) { - sprintf (error_reason, "%s", "Cannot find old /cluster/ key in configuration\n"); + snprintf (error_reason, sizeof(error_reason) - 1, "Cannot find old /cluster/ key in configuration\n"); goto err; } objdb->object_find_next(find_handle, &cluster_parent_handle_new); if (!cluster_parent_handle_new) { - sprintf (error_reason, "%s", "Cannot find new /cluster/ key in configuration\n"); + snprintf (error_reason, sizeof(error_reason) - 1, "Cannot find new /cluster/ key in configuration\n"); goto err; } objdb->object_find_destroy(find_handle); @@ -1387,7 +1387,7 @@ static int cmanpre_reloadconfig(struct objdb_iface_ver0 *objdb, int flush, const config_version = atoi(config_value); } else { /* it should never ever happen.. */ - sprintf (error_reason, "%s", "Cannot find old /cluster/config_version key in configuration\n"); + snprintf (error_reason, sizeof(error_reason) - 1, "Cannot find old /cluster/config_version key in configuration\n"); goto err; } } @@ -1399,14 +1399,14 @@ static int cmanpre_reloadconfig(struct objdb_iface_ver0 *objdb, int flush, const config_version_new = atoi(config_value); } else { objdb->object_destroy(cluster_parent_handle_new); - sprintf (error_reason, "%s", "Cannot find new /cluster/config_version key in configuration\n"); + snprintf (error_reason, sizeof(error_reason) - 1,"Cannot find new /cluster/config_version key in configuration\n"); goto err; } } if (config_version_new <= config_version) { objdb->object_destroy(cluster_parent_handle_new); - sprintf (error_reason, "%s", "New configuration version has to be newer than current running configuration\n"); + snprintf (error_reason, sizeof(error_reason) - 1, "New configuration version has to be newer than current running configuration\n"); goto err; } @@ -1600,11 +1600,11 @@ static int cmanpre_readconfig(struct objdb_iface_ver0 *objdb, const char **error if (!ret) { - sprintf (error_reason, "%s", "Successfully parsed cman config\n"); + snprintf(error_reason, sizeof(error_reason) - 1, "Successfully parsed cman config\n"); } else { if (error_reason[0] == '\0') - sprintf (error_reason, "%s", "Error parsing cman config\n"); + snprintf(error_reason, sizeof(error_reason) - 1, "Error parsing cman config\n"); } *error_string = error_reason; diff --git a/cman/daemon/cmanconfig.c b/cman/daemon/cmanconfig.c index d3009d0..7eb52e4 100644 --- a/cman/daemon/cmanconfig.c +++ b/cman/daemon/cmanconfig.c @@ -175,7 +175,7 @@ static int get_cman_join_info(struct corosync_api_v1 *corosync) goto out; } - strcpy(cluster_name, cname); + strncpy(cluster_name, cname, sizeof(cluster_name) - 1); expected_votes = 0; if (getenv("CMAN_EXPECTEDVOTES")) { diff --git a/cman/daemon/commands.c b/cman/daemon/commands.c index 6b61332..f397234 100644 --- a/cman/daemon/commands.c +++ b/cman/daemon/commands.c @@ -396,7 +396,7 @@ static void copy_to_usernode(struct cluster_node *node, struct totem_ip_address node_ifs[INTERFACE_MAX]; /* totempg_ifaces_get always copies INTERFACE_MAX addresses */ - strcpy(unode->name, node->name); + strncpy(unode->name, node->name, MAX_CLUSTER_MEMBER_NAME_LEN - 1); unode->jointime = node->join_time; unode->size = sizeof(struct cl_cluster_node); unode->votes = node->votes; @@ -421,7 +421,7 @@ int cman_set_nodename(char *name) if (ais_running) return -EALREADY; - strncpy(nodename, name, MAX_CLUSTER_MEMBER_NAME_LEN); + strncpy(nodename, name, MAX_CLUSTER_MEMBER_NAME_LEN - 1); return 0; } @@ -1401,7 +1401,7 @@ static int do_cmd_update_fence_info(char *cmdbuf) fence_msg->nodeid = f->nodeid; fence_msg->timesec = f->fence_time; fence_msg->fenced = 1; - strcpy(fence_msg->agent, f->fence_agent); + strncpy(fence_msg->agent, f->fence_agent, MAX_FENCE_AGENT_NAME_LEN - 1); comms_send_message(msg, sizeof(msg), 0,0, 0, 0); log_printf(LOGSYS_LEVEL_DEBUG, "memb: node %d fenced by %s\n", f->nodeid, f->fence_agent); @@ -1428,7 +1428,7 @@ static int do_cmd_get_fence_info(char *cmdbuf, char **retbuf, int retsize, int * f->flags = node->flags&NODE_FLAGS_FENCED; if (node->fence_agent) - strcpy(f->fence_agent, node->fence_agent); + strncpy(f->fence_agent, node->fence_agent, MAX_FENCE_AGENT_NAME_LEN - 1); else f->fence_agent[0] = '\0'; *retlen = sizeof(struct cl_fence_info); @@ -1867,10 +1867,10 @@ void send_transition_msg(int last_memb_count, int first_trans) msg->flags = us->flags; msg->fence_time = us->fence_time; msg->join_time = join_time; - strcpy(msg->clustername, cluster_name); + memcpy(msg->clustername, cluster_name, MAX_CLUSTER_NAME_LEN); if (us->fence_agent) { - strcpy(msg->fence_agent, us->fence_agent); + strncpy(msg->fence_agent, us->fence_agent, MAX_FENCE_AGENT_NAME_LEN - 1); len += strlen(us->fence_agent)+1; } else @@ -2128,7 +2128,7 @@ static void do_process_transition(int nodeid, char *data) fence_msg->nodeid = nodeid; fence_msg->timesec = node->fence_time; fence_msg->fenced = 0; - strcpy(fence_msg->agent, node->fence_agent); + strncpy(fence_msg->agent, node->fence_agent, MAX_FENCE_AGENT_NAME_LEN - 1); comms_send_message(fencemsg, sizeof(fencemsg), 0,0, nodeid, 0); } } @@ -2307,7 +2307,7 @@ void add_ais_node(int nodeid, uint64_t incar, int total_members) log_printf(LOG_ERR, "Got node from AIS id %d with no config entry\n", nodeid); /* Emergency nodename */ - sprintf(tempname, "Node%d", nodeid); + snprintf(tempname, sizeof(tempname) - 1, "Node%d", nodeid); node = add_new_node(tempname, nodeid, 1, total_members, NODESTATE_DEAD); if (!node) { log_printf(LOG_ERR, "Unable to add newnode!\n"); @@ -2432,7 +2432,7 @@ static const char *killmsg_reason(int reason) return "we rejoined the cluster without a full restart"; default: - sprintf(msg, "we got kill message number %d", reason); + snprintf(msg, sizeof(msg) - 1, "we got kill message number %d", reason); return msg; } } -- 1.7.4.4