Fix unsafe string functions
authorKinga Tanska <kinga.tanska@intel.com>
Thu, 11 May 2023 02:55:12 +0000 (04:55 +0200)
committerJes Sorensen <jes@trained-monkey.org>
Fri, 1 Sep 2023 16:09:07 +0000 (12:09 -0400)
Add string length limitations where necessary to
avoid buffer overflows.

Signed-off-by: Kinga Tanska <kinga.tanska@intel.com>
Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
mdmon.c
mdopen.c
platform-intel.c
super-intel.c

diff --git a/mdmon.c b/mdmon.c
index cef5bbc8b0dd37d6e6fdfa42fa94ed41d2d19467..a2038fe6c35f9beea2a9d920c2abefef2aa6b19c 100644 (file)
--- a/mdmon.c
+++ b/mdmon.c
@@ -240,7 +240,7 @@ static int make_control_sock(char *devname)
                return -1;
 
        addr.sun_family = PF_LOCAL;
-       strcpy(addr.sun_path, path);
+       snprintf(addr.sun_path, sizeof(addr.sun_path), "%s", path);
        umask(077); /* ensure no world write access */
        if (bind(sfd, (struct sockaddr*)&addr, sizeof(addr)) < 0) {
                close(sfd);
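Review bot: The snprintf() into addr.sun_path truncates silently, so a path longer than sizeof(addr.sun_path) would make bind() create the control socket under a shortened name instead of failing. Capture the return value and treat truncation as an error before the umask()/bind() lines, e.g. `n = snprintf(addr.sun_path, sizeof(addr.sun_path), "%s", path);` followed by `if (n < 0 || (size_t)n >= sizeof(addr.sun_path)) { close(sfd); return -1; }`. How path is built lies above the hunk, so it may already be bounded; if it is, a short comment stating that bound would be enough.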
@@ -389,7 +389,7 @@ int main(int argc, char *argv[])
 
        if (all) {
                struct mdstat_ent *mdstat, *e;
-               int container_len = strlen(container_name);
+               int container_len = strnlen(container_name, MD_NAME_MAX);
 
                /* launch an mdmon instance for each container found */
                mdstat = mdstat_read(0, 0);
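Review bot: Replacing strlen() with strnlen(container_name, MD_NAME_MAX) bounds no copy in this hunk; it only caps the value stored in container_len. If that length is used further down in main() (outside the hunk) as a comparison length, a name longer than MD_NAME_MAX would be matched on its first MD_NAME_MAX bytes only, which is a behaviour change rather than a hardening. Rejecting an over-long container_name up front, before the `if (all)` block, would make the intent explicit.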
@@ -472,7 +472,7 @@ static int mdmon(char *devnm, int must_fork, int takeover)
                pfd[0] = pfd[1] = -1;
 
        container = xcalloc(1, sizeof(*container));
-       strcpy(container->devnm, devnm);
+       snprintf(container->devnm, MD_NAME_MAX, "%s", devnm);
        container->arrays = NULL;
        container->sock = -1;
 
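Review bot: The bound passed to snprintf() for container->devnm is the constant MD_NAME_MAX rather than the size of the destination, and the declaration of devnm is not visible in this hunk, so the two can drift apart. `snprintf(container->devnm, sizeof(container->devnm), "%s", devnm);` ties the limit to the field itself, provided devnm is an array member and not a pointer. The same pattern appears in both `snprintf(cname, MD_NAME_MAX, ...)` calls in create_mddev() in mdopen.c. A truncated devnm would name a different device, so checking the return value and failing on truncation is worth considering here.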
index d3022a548b4b75b11d73eacab16aae2120dcaa6a..3daa71f99de818ddfdcfe7a51fcd3c363d62e014 100644 (file)
--- a/mdopen.c
+++ b/mdopen.c
@@ -193,14 +193,14 @@ int create_mddev(char *dev, char *name, int autof, int trustworthy,
 
        if (dev) {
                if (strncmp(dev, DEV_MD_DIR, DEV_MD_DIR_LEN) == 0) {
-                       strcpy(cname, dev + DEV_MD_DIR_LEN);
+                       snprintf(cname, MD_NAME_MAX, "%s", dev + DEV_MD_DIR_LEN);
                } else if (strncmp(dev, "/dev/", 5) == 0) {
                        char *e = dev + strlen(dev);
                        while (e > dev && isdigit(e[-1]))
                                e--;
                        if (e[0])
                                num = strtoul(e, NULL, 10);
-                       strcpy(cname, dev+5);
+                       snprintf(cname, MD_NAME_MAX, "%s", dev + 5);
                        cname[e-(dev+5)] = 0;
                        /* name *must* be mdXX or md_dXX in this context */
                        if (num < 0 ||
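Review bot: After the second snprintf() in the "/dev/" branch, `cname[e-(dev+5)] = 0;` still indexes cname by an offset derived from the length of dev, not from the size of cname. The copy is now bounded, but for a dev string longer than the buffer this store can land past the end of cname, so the overflow the commit targets is only partly closed. Reject the over-long case before the store, e.g. `if ((size_t)(e - (dev + 5)) >= sizeof(cname)) return -1;`, assuming cname is a local array and -1 is the error return of create_mddev(); both are declared outside the hunk.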
index 914164c0928ebaab5918ebd72a4aa9668f014811..eb6e1b7e38077b0c5d9dc24b50af151114e8f69b 100644 (file)
@@ -214,7 +214,7 @@ struct sys_dev *device_by_id_and_path(__u16 device_id, const char *path)
 
 static int devpath_to_ll(const char *dev_path, const char *entry, unsigned long long *val)
 {
-       char path[strlen(dev_path) + strlen(entry) + 2];
+       char path[strnlen(dev_path, PATH_MAX) + strnlen(entry, PATH_MAX) + 2];
        int fd;
        int n;
 
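Review bot: Capping the lengths with strnlen(..., PATH_MAX) can make the VLA `path` smaller than the two strings it is sized for: if either dev_path or entry exceeds PATH_MAX, whatever the function body (below the hunk) formats into path no longer fits, whereas the strlen() version was sized exactly. The array can also still reach roughly 2 * PATH_MAX bytes on the stack. A fixed `char path[PATH_MAX];` filled by a checked snprintf() that returns an error on truncation would bound both the stack use and the write.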
index 824c13564a379d4697268c18f692be4813b9873c..ce813172f1b93b3a8778b9fa4e931ca2af287c1a 100644 (file)
@@ -7043,7 +7043,7 @@ active_arrays_by_format(char *name, char* hba, struct md_list **devlist,
                        int fd = -1;
                        while (dev && !is_fd_valid(fd)) {
                                char *path = xmalloc(strlen(dev->name) + strlen("/dev/") + 1);
-                               num = sprintf(path, "%s%s", "/dev/", dev->name);
+                               num = snprintf(path, PATH_MAX, "%s%s", "/dev/", dev->name);
                                if (num > 0)
                                        fd = open(path, O_RDONLY, 0);
                                if (num <= 0 || !is_fd_valid(fd)) {
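Review bot: The snprintf() bound PATH_MAX does not match the buffer: path is allocated on the line above with strlen(dev->name) + strlen("/dev/") + 1 bytes, which is normally far less than PATH_MAX, so the limit gives no protection and misstates the buffer size to readers and static analysers. Compute the size once and reuse it, e.g. `size_t len = strlen(dev->name) + strlen("/dev/") + 1; char *path = xmalloc(len);` followed by `num = snprintf(path, len, "%s%s", "/dev/", dev->name);`. The `num > 0` test below would accept a truncated result, which cannot occur once the bound equals the allocation.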
@@ -7935,7 +7935,7 @@ static int kill_subarray_imsm(struct supertype *st, char *subarray_id)
 
                if (i < current_vol)
                        continue;
-               sprintf(subarray, "%u", i);
+               snprintf(subarray, sizeof(subarray), "%u", i);
                if (is_subarray_active(subarray, st->devnm)) {
                        pr_err("deleting subarray-%d would change the UUID of active subarray-%d, aborting\n",
                               current_vol, i);
@@ -11308,7 +11308,7 @@ static const char *imsm_get_disk_controller_domain(const char *path)
        char *drv=NULL;
        struct stat st;
 
-       strcpy(disk_path, disk_by_path);
+       strncpy(disk_path, disk_by_path, PATH_MAX);
        strncat(disk_path, path, PATH_MAX - strlen(disk_path) - 1);
        if (stat(disk_path, &st) == 0) {
                struct sys_dev* hba;
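Review bot: strncpy(disk_path, disk_by_path, PATH_MAX) does not guarantee a terminating NUL when the source is PATH_MAX bytes or longer, and the strncat() on the next line calls strlen(disk_path) on the result. strncpy() also zero-fills up to PATH_MAX bytes, so it is only safe if disk_path is at least that large; its declaration is above the hunk. A single checked call covers both lines: `n = snprintf(disk_path, sizeof(disk_path), "%s%s", disk_by_path, path);` then `if (n < 0 || (size_t)n >= sizeof(disk_path)) return NULL;`, assuming disk_path is an array and NULL is this function's failure value.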