Merge PR #29316 into master

* refs/pull/29316/head: common,tools: make sure the destination buffer can handle the size of the string src/tools: initialize variables before the goto statement src/mount: check before dereference buf src/crush: check before dereference out2 src/test: s/strcpy/strncpy Reviewed-by: Neha Ojha <nojha@redhat.com> Reviewed-by: Kefu Chai <kchai@redhat.com>
2025-01-02 17:12:31 +00:00 · 2019-07-27 07:59:30 -05:00 · 2019-07-27 07:59:30 -05:00 · c16284d6af
commit c16284d6af
parent e9cfa8f182 5e8c412e63
7 changed files with 17 additions and 11 deletions
--- a/src/common/util.cc
+++ b/src/common/util.cc
@ -249,7 +249,7 @@ void collect_sys_info(map<string, string> *m, CephContext *cct)
 	break;
      char key[40];
      long long value;
-      int r = sscanf(line, "%s %lld", key, &value);
+      int r = sscanf(line, "%39s %lld", key, &value);
      if (r == 2) {
 	if (strcmp(key, "MemTotal:") == 0)
 	  (*m)["mem_total_kb"] = boost::lexical_cast<string>(value);
--- a/src/crush/mapper.c
+++ b/src/crush/mapper.c
@ -792,11 +792,11 @@ static void crush_choose_indep(const struct crush_map *map,
 							out2, rep,
 							recurse_tries, 0,
 							0, NULL, r, choose_args);
-						if (out2[rep] == CRUSH_ITEM_NONE) {
+						if (out2 && out2[rep] == CRUSH_ITEM_NONE) {
 							/* placed nothing; no leaf */
 							break;
 						}
-					} else {
+					} else if (out2) {
 						/* we already have a leaf! */
 						out2[rep] = item;
 					}
--- a/src/mount/mount.ceph.c
+++ b/src/mount/mount.ceph.c
@ -40,6 +40,10 @@ static char *mount_resolve_src(const char *orig_str)
 	char *mount_path;
 	char *src;
 	char *buf = strdup(orig_str);
+	if (!buf) {
+		fprintf(stderr, "%s: failed to allocate memory\n", __func__);
+		return NULL;
+	}

 	mount_path = strstr(buf, ":/");
 	if (!mount_path) {
--- a/src/test/librados_test_stub/TestWatchNotify.cc
+++ b/src/test/librados_test_stub/TestWatchNotify.cc
@ -77,7 +77,8 @@ int TestWatchNotify::list_watchers(int64_t pool_id, const std::string& nspace,
         watcher->watch_handles.begin();
       it != watcher->watch_handles.end(); ++it) {
    obj_watch_t obj;
-    strcpy(obj.addr, it->second.addr.c_str());
+    strncpy(obj.addr, it->second.addr.c_str(), sizeof(obj.addr) - 1);
+    obj.addr[sizeof(obj.addr) - 1] = '\0';
    obj.watcher_id = static_cast<int64_t>(it->second.gid);
    obj.cookie = it->second.handle;
    obj.timeout_seconds = 30;
--- a/src/test/librbd/managed_lock/test_mock_BreakRequest.cc
+++ b/src/test/librbd/managed_lock/test_mock_BreakRequest.cc
@ -81,7 +81,8 @@ public:
      expect.WillOnce(Return(r));
    } else {
      obj_watch_t watcher;
-      strcpy(watcher.addr, (address + ":0/0").c_str());
+      strncpy(watcher.addr, (address + ":0/0").c_str(), sizeof(watcher.addr) - 1);
+      watcher.addr[sizeof(watcher.addr) - 1] = '\0';
      watcher.watcher_id = 0;
      watcher.cookie = watch_handle;

--- a/src/tools/cephfs/Dumper.cc
+++ b/src/tools/cephfs/Dumper.cc
@ -243,7 +243,7 @@ int Dumper::undump(const char *dump_file, bool force)
    if (strstr(buf, "fsid")) {
      uuid_d fsid;
      char fsid_str[40];
-      sscanf(strstr(buf, "fsid"), "fsid %s", fsid_str);
+      sscanf(strstr(buf, "fsid"), "fsid %39s", fsid_str);
      r = fsid.parse(fsid_str);
      if (!r) {
 	derr  << "Invalid fsid" << dendl;
--- a/src/tools/scratchtool.c
+++ b/src/tools/scratchtool.c
@ -106,9 +106,12 @@ out_err:
 static int testrados(void)
 {
 	char tmp[32];
-	int i, r;
+	int i, r, safe;
 	int ret = 1; //set 1 as error case
 	rados_t cl;
+	const char *oid = "foo_object";
+	const char *exkeys[] = { "a", "b", "c", NULL };
+	const char *exvals[] = { "1", "2", "3", NULL };

 	if (rados_create(&cl, NULL) < 0) {
 		printf("error initializing\n");
@ -217,7 +220,6 @@ static int testrados(void)
 	char buf[128], buf2[128];
 	time(&tm);
 	snprintf(buf, 128, "%s", ctime(&tm));
-	const char *oid = "foo_object";
 	r = rados_write(io_ctx, oid, buf, strlen(buf) + 1, 0);
 	printf("rados_write = %d\n", r);
 	r = rados_read(io_ctx, oid, buf2, sizeof(buf2), 0);
@ -238,8 +240,6 @@ static int testrados(void)
 		goto out_err_cleanup;
 	if (do_rados_getxattr(io_ctx, oid, "c", "3"))
 		goto out_err_cleanup;
-	const char *exkeys[] = { "a", "b", "c", NULL };
-	const char *exvals[] = { "1", "2", "3", NULL };
 	if (do_rados_getxattrs(io_ctx, oid, exkeys, exvals))
 		goto out_err_cleanup;

@ -275,7 +275,7 @@ static int testrados(void)
 	rados_completion_t c;
 	rados_aio_create_completion(0, 0, 0, &c);
 	rados_aio_write(io_ctx, "c", c, buf, 100, 0);
-	int safe = rados_aio_is_safe(c);
+	safe = rados_aio_is_safe(c);
 	printf("a should not yet be safe and ... %s\n", safe ? "is":"is not");
 	assert(!safe);
 	rados_aio_flush(io_ctx);