[dm-devel] [PATCH 4/4] multipath: Fix a potential buffer overflow
Martin Wilck
mwilck at suse.com
Tue Jun 13 19:28:43 UTC 2017
Hi Bart,
On Tue, 2017-06-13 at 09:33 -0700, Bart Van Assche wrote:
> Avoid that gcc 7 reports the following warning:
>
> cli_handlers.c:1340:18: warning: '%d' directive writing between 1 and
> 3 bytes into a region of size 2 [-Wformat-overflow=]
> sprintf(*reply,"%d",mpp->prflag);
>
> Signed-off-by: Bart Van Assche <bart.vanassche at sandisk.com>
> ---
> multipathd/cli_handlers.c | 14 ++++++--------
> 1 file changed, 6 insertions(+), 8 deletions(-)
>
> diff --git a/multipathd/cli_handlers.c b/multipathd/cli_handlers.c
> index 04c73866..460fea1f 100644
> --- a/multipathd/cli_handlers.c
> +++ b/multipathd/cli_handlers.c
> @@ -1,6 +1,9 @@
> /*
> * Copyright (c) 2005 Christophe Varoqui
> */
> +
> +#define _GNU_SOURCE
> +
> #include "checkers.h"
> #include "memory.h"
> #include "vector.h"
> @@ -1332,14 +1335,9 @@ cli_getprstatus (void * v, char ** reply, int
> * len, void * data)
>
> condlog(3, "%s: prflag = %u", param, (unsigned int)mpp-
> >prflag);
>
> - *reply =(char *)malloc(2);
> - *len = 2;
> - memset(*reply,0,2);
> -
> -
> - sprintf(*reply,"%d",mpp->prflag);
> - (*reply)[1]='\0';
> -
> + *len = asprintf(reply, "%d", mpp->prflag);
> + if (*len < 0)
> + return 1;
>
> condlog(3, "%s: reply = %s", param, *reply);
>
how about this simpler patch, as prflag is actually a boolean?
diff --git a/multipathd/cli_handlers.c b/multipathd/cli_handlers.c
index 04c73866..c31ebd34 100644
--- a/multipathd/cli_handlers.c
+++ b/multipathd/cli_handlers.c
@@ -1337,7 +1337,7 @@ cli_getprstatus (void * v, char ** reply, int * len, void * data)
memset(*reply,0,2);
- sprintf(*reply,"%d",mpp->prflag);
+ sprintf(*reply, "%d", !!mpp->prflag);
(*reply)[1]='\0';
--
Dr. Martin Wilck <mwilck at suse.com>, Tel. +49 (0)911 74053 2107
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)
More information about the dm-devel
mailing list