cg_build_path: use max FILENAME_MAX characters for array in 2nd parameter
authorIvana Hutarova Varekova <varekova@redhat.com>
Thu, 2 Jun 2011 12:29:45 +0000 (14:29 +0200)
committerJan Safranek <jsafrane@redhat.com>
Fri, 3 Jun 2011 08:27:47 +0000 (10:27 +0200)
The function cg_build_path is internal now. All calls of it (there is one
exception - cgroup_fill_cgc function which uses FILENAME_MAX+1, fixed now too)
have the limited second parameter buffer to FILENAME_MAX.

cg_build_path copies into this buffer, but there was no limit on the size of the copied data.
This is fixed in the patch.

Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
src/api.c

index 58f872a8854f4cb67f225cf8744bdbaae8a286af..91fbf5cb262c1fa92abe87bd0ef11aacb31126f4 100644 (file)
--- a/src/api.c
+++ b/src/api.c
@@ -1006,22 +1006,22 @@ static inline pid_t cg_gettid(void)
 
 
 /* Call with cg_mount_table_lock taken */
+/* path value have to have size at least FILENAME_MAX */
 static char *cg_build_path_locked(const char *name, char *path,
                                                const char *type)
 {
        int i;
        for (i = 0; cg_mount_table[i].name[0] != '\0'; i++) {
-               /*
-                * XX: Change to snprintf once you figure what n should be
-                */
                if (strcmp(cg_mount_table[i].name, type) == 0) {
                        if (cg_namespace_table[i]) {
-                               sprintf(path, "%s/%s/",
+                               snprintf(path, FILENAME_MAX, "%s/%s/",
                                                cg_mount_table[i].mount.path,
                                                cg_namespace_table[i]);
+                               path[FILENAME_MAX-1] = '\0';
                        } else {
-                               sprintf(path, "%s/",
+                               snprintf(path, FILENAME_MAX, "%s/",
                                                cg_mount_table[i].mount.path);
+                               path[FILENAME_MAX-1] = '\0';
                        }
 
                        if (name) {
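Review bot: The `snprintf` calls added here, and the one in the next hunk, discard the return value, so an over-long mount path, namespace or name is silently truncated and `path` is still returned as if it were complete. A truncated path can resolve to a different cgroup directory than the caller asked for, so truncation is better treated as a failure: `n = snprintf(path, FILENAME_MAX, ...); if (n < 0 || n >= FILENAME_MAX) return NULL;`. That assumes callers already handle a NULL return, which is not visible in this hunk. The `path[FILENAME_MAX-1] = '\0';` lines are redundant, because `snprintf` always NUL-terminates when the size is non-zero. The new comment states the FILENAME_MAX contract but nothing enforces it, and the function body continues outside the hunk.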
@@ -1030,7 +1030,9 @@ static char *cg_build_path_locked(const char *name, char *path,
 
                                /* FIXME: missing OOM check here! */
 
-                               sprintf(path, "%s%s/", tmp, name);
+                               snprintf(path, FILENAME_MAX, "%s%s/",
+                                       tmp, name);
+                               path[FILENAME_MAX-1] = '\0';
                                free(tmp);
                        }
                        return path;
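Review bot: `tmp` is still passed to `snprintf` for a `%s` conversion without a NULL check, as the `FIXME: missing OOM check here!` comment just above admits; a null pointer for `%s` is undefined behaviour. The assignment of `tmp` lies outside the hunk, but since it is freed right after use it is presumably an allocated copy of `path`. Adding `if (!tmp) return NULL;` before the `snprintf` would close the FIXME, provided callers cope with a NULL return, which should be confirmed. This is also the call most exposed to truncation, since `name` is the caller-supplied part of the path.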