From mboxrd@z Thu Jan  1 00:00:00 1970
From: Fabio M. Di Nitto <fdinitto@redhat.com>
Date: Wed, 23 Nov 2011 11:15:48 +0100
Subject: [Cluster-devel] [PATCH 29/41] qdiskd: add strlen check to avoid
	memory corruption
In-Reply-To: <1322043360-17037-1-git-send-email-fdinitto@redhat.com>
References: <1322043360-17037-1-git-send-email-fdinitto@redhat.com>
Message-ID: <e7c7ac81c7d56efad0ec7ca0593388a90e122e65.1322043045.git.fdinitto@redhat.com>
List-Id: <cluster-devel.redhat.com>
To: cluster-devel.redhat.com
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

and fix a few impossible buffer overflows

Spotted by Coverity Scan

Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
---
:100644 100644 d5926f9... 929b152... M	cman/qdisk/daemon_init.c
 cman/qdisk/daemon_init.c |   14 +++++++++-----
 1 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/cman/qdisk/daemon_init.c b/cman/qdisk/daemon_init.c
index d5926f9..929b152 100644
--- a/cman/qdisk/daemon_init.c
+++ b/cman/qdisk/daemon_init.c
@@ -48,11 +48,12 @@ check_pid_valid(pid_t pid, char *prog)
 	char dirpath[PATH_MAX];
 	char proc_cmdline[64];	/* yank this from kernel somewhere */
 	char *s = NULL;
+	size_t proc_cmdline_len = 0;
 
 	memset(filename, 0, PATH_MAX);
 	memset(dirpath, 0, PATH_MAX);
 
-	snprintf(dirpath, sizeof (dirpath), "/proc/%d", pid);
+	snprintf(dirpath, sizeof (dirpath) - 1, "/proc/%d", pid);
 	if ((dir = opendir(dirpath)) == NULL) {
 		closedir(dir);
 		return 0;	/* Pid has gone away. */
@@ -63,7 +64,7 @@ check_pid_valid(pid_t pid, char *prog)
 	 * proc-pid directory exists.  Now check to see if this
 	 * PID corresponds to the daemon we want to start.
 	 */
-	snprintf(filename, sizeof (filename), "/proc/%d/cmdline", pid);
+	snprintf(filename, sizeof (filename) - 1, "/proc/%d/cmdline", pid);
 	fp = fopen(filename, "r");
 	if (fp == NULL) {
 		perror("check_pid_valid");
@@ -83,9 +84,12 @@ check_pid_valid(pid_t pid, char *prog)
 	}
 	fclose(fp);
 
-	s = &(proc_cmdline[strlen(proc_cmdline)]);
-	if (*s == '\n')
-		*s = 0;
+	proc_cmdline_len = strlen(proc_cmdline);
+	if (proc_cmdline_len) {
+		s = &(proc_cmdline[proc_cmdline_len]);
+		if (*s == '\n')
+			*s = 0;
+	}
 
 	/*
 	 * Check to see if this is the same executable.
-- 
1.7.4.4