[Cluster-devel] [PATCH 06/41] libcman: switch to strncpy to avoid possible buffer overflows
Fabio M. Di Nitto
fdinitto at redhat.com
Wed Nov 23 10:15:25 UTC 2011
Spotted by Coverity Scan
Signed-off-by: Fabio M. Di Nitto <fdinitto at redhat.com>
---
:100644 100644 ae6c709... b49cf6f... M cman/lib/libcman.c
cman/lib/libcman.c | 30 +++++++++++++++---------------
1 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/cman/lib/libcman.c b/cman/lib/libcman.c
index ae6c709..b49cf6f 100644
--- a/cman/lib/libcman.c
+++ b/cman/lib/libcman.c
@@ -82,7 +82,7 @@ static void copy_node(cman_node_t *unode, struct cl_cluster_node *knode)
{
unode->cn_nodeid = knode->node_id;
unode->cn_member = knode->state == NODESTATE_MEMBER?1:0;
- strcpy(unode->cn_name, knode->name);
+ strncpy(unode->cn_name, knode->name, sizeof(unode->cn_name) - 1);
unode->cn_incarnation = knode->incarnation;
unode->cn_jointime = knode->jointime;
@@ -678,14 +678,14 @@ int cman_get_node(cman_handle_t handle, int nodeid, cman_node_t *node)
int status;
VALIDATE_HANDLE(h);
- if (!node || strlen(node->cn_name) > sizeof(cman_node.name))
+ if (!node || strlen(node->cn_name) >= sizeof(cman_node.name))
{
errno = EINVAL;
return -1;
}
cman_node.node_id = nodeid;
- strcpy(cman_node.name, node->cn_name);
+ strncpy(cman_node.name, node->cn_name, sizeof(cman_node.name) - 1);
status = info_call(h, CMAN_CMD_GETNODE, &cman_node, sizeof(struct cl_cluster_node),
&cman_node, sizeof(struct cl_cluster_node));
if (status < 0)
@@ -905,14 +905,14 @@ int cman_barrier_register(cman_handle_t handle, const char *name, int flags, int
struct cl_barrier_info binfo;
VALIDATE_HANDLE(h);
- if (strlen(name) > MAX_BARRIER_NAME_LEN)
+ if (strlen(name) >= MAX_BARRIER_NAME_LEN)
{
errno = EINVAL;
return -1;
}
binfo.cmd = BARRIER_CMD_REGISTER;
- strcpy(binfo.name, name);
+ strncpy(binfo.name, name, sizeof(binfo.name) - 1);
binfo.arg = nodes;
binfo.flags = flags;
@@ -926,14 +926,14 @@ int cman_barrier_change(cman_handle_t handle, const char *name, int flags, int a
struct cl_barrier_info binfo;
VALIDATE_HANDLE(h);
- if (strlen(name) > MAX_BARRIER_NAME_LEN)
+ if (strlen(name) >= MAX_BARRIER_NAME_LEN)
{
errno = EINVAL;
return -1;
}
binfo.cmd = BARRIER_CMD_CHANGE;
- strcpy(binfo.name, name);
+ strncpy(binfo.name, name, sizeof(binfo.name) - 1);
binfo.arg = arg;
binfo.flags = flags;
@@ -947,14 +947,14 @@ int cman_barrier_wait(cman_handle_t handle, const char *name)
struct cl_barrier_info binfo;
VALIDATE_HANDLE(h);
- if (strlen(name) > MAX_BARRIER_NAME_LEN)
+ if (strlen(name) >= MAX_BARRIER_NAME_LEN)
{
errno = EINVAL;
return -1;
}
binfo.cmd = BARRIER_CMD_WAIT;
- strcpy(binfo.name, name);
+ strncpy(binfo.name, name, sizeof(binfo.name) - 1);
return info_call(h, CMAN_CMD_BARRIER, &binfo, sizeof(binfo), NULL, 0);
}
@@ -965,14 +965,14 @@ int cman_barrier_delete(cman_handle_t handle, const char *name)
struct cl_barrier_info binfo;
VALIDATE_HANDLE(h);
- if (strlen(name) > MAX_BARRIER_NAME_LEN)
+ if (strlen(name) >= MAX_BARRIER_NAME_LEN)
{
errno = EINVAL;
return -1;
}
binfo.cmd = BARRIER_CMD_DELETE;
- strcpy(binfo.name, name);
+ strncpy(binfo.name, name, sizeof(binfo.name) - 1);
return info_call(h, CMAN_CMD_BARRIER, &binfo, sizeof(binfo), NULL, 0);
}
@@ -1019,7 +1019,7 @@ static int cman_set_quorum_device(cman_handle_t handle,
VALIDATE_HANDLE(h);
memcpy(buf, &votes, sizeof(int));
- strcpy(buf+sizeof(int), name);
+ strncpy(buf+sizeof(int), name, strlen(name)+1 + sizeof(int) - 1);
return info_call(h, ops, buf, strlen(name)+1+sizeof(int), NULL, 0);
}
@@ -1059,7 +1059,7 @@ int cman_get_quorum_device(cman_handle_t handle, struct cman_qdev_info *info)
cman_node.node_id = CLUSTER_GETNODE_QUORUMDEV;
ret = info_call(h, CMAN_CMD_GETNODE, &cman_node, sizeof(cman_node), &cman_node, sizeof(cman_node));
if (!ret) {
- strcpy(info->qi_name, cman_node.name);
+ strncpy(info->qi_name, cman_node.name, sizeof(info->qi_name) - 1);
info->qi_state = cman_node.state;
info->qi_votes = cman_node.votes;
}
@@ -1087,7 +1087,7 @@ int cman_get_fenceinfo(cman_handle_t handle, int nodeid, uint64_t *time, int *fe
if (!ret) {
*time = f.fence_time;
if (agent)
- strcpy(agent, f.fence_agent);
+ strncpy(agent, f.fence_agent, sizeof(f.fence_agent) - 1);
*fenced = ((f.flags & FENCE_FLAGS_FENCED) != 0);
}
return ret;
@@ -1131,6 +1131,6 @@ int cman_node_fenced(cman_handle_t handle, int nodeid, uint64_t time, char *agen
f.nodeid = nodeid;
f.fence_time = time;
- strcpy(f.fence_agent, agent);
+ strncpy(f.fence_agent, agent, sizeof(f.fence_agent) - 1);
return info_call(h, CMAN_CMD_UPDATE_FENCE_INFO, &f, sizeof(f), NULL, 0);
}
--
1.7.4.4
More information about the Cluster-devel
mailing list