authorPoornima G <pgurusid@redhat.com>2018-11-22 21:41:37 +0530
committerAmar Tumballi <amarts@redhat.com>2018-11-24 17:22:12 +0000
commit424978302c7d5d0e03e54a6284c250e951ca694d (patch)
tree882f9bab8b75e09f7cb38010ae0fae779d445993
parenta0fdc9202ca37dccab937e166c8ee696d049e08f (diff)
Coverity fix for calling risky function - fscanf
fscanf with %s reads a word; there is no restriction on the length of that word, and the caller is required to pass a sufficiently large buffer for storing the word. If the input word exceeds the buffer size, it will cause a buffer overflow. To fix this, use fscanf with a width parameter. Width specifies the maximum number of characters to be read in the current reading operation. Change-Id: If250abf5eb637b9fc2a79047e3599f83254cd4e5 updates: bz#1193929 Signed-off-by: Poornima G <pgurusid@redhat.com>
-rw-r--r--libglusterfs/src/common-utils.c2
-rw-r--r--libglusterfs/src/statedump.c12
2 files changed, 7 insertions, 7 deletions
diff --git a/libglusterfs/src/common-utils.c b/libglusterfs/src/common-utils.c
index 47558e76ba..63cbf13388 100644
--- a/libglusterfs/src/common-utils.c
+++ b/libglusterfs/src/common-utils.c
@@ -4332,7 +4332,7 @@ gf_backtrace_fillframes(char *buf)
pos = 0;
for (idx = 0; idx < frames - 2; idx++) {
- ret = fscanf(fp, "%s", callingfn[idx]);
+ ret = fscanf(fp, "%1023s", callingfn[idx]);
if (ret == EOF)
break;
inc = gf_backtrace_append(buf, pos, callingfn[idx]);
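Review bot: The width `1023` in `fscanf(fp, "%1023s", callingfn[idx])` is a bare literal that must equal the size of one `callingfn` row minus one, and that declaration is outside this hunk, so nothing visible here keeps the two in step if the array is ever resized. I would derive the width from the same constant the array uses, or at least add a comment beside the call such as `/* width must stay at sizeof(callingfn[idx]) - 1 */`. Also note that a token longer than the width is no longer read as one frame: the remainder comes back on the next iteration as a separate entry, so an over-long symbol would appear as two frames in the backtrace. The loop body continues past the end of the hunk.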
diff --git a/libglusterfs/src/statedump.c b/libglusterfs/src/statedump.c
index ed5cad5349..bab9585593 100644
--- a/libglusterfs/src/statedump.c
+++ b/libglusterfs/src/statedump.c
@@ -89,19 +89,19 @@ gf_proc_dump_set_path(char *dump_options_file)
if (!fp)
goto out;
- ret = fscanf(fp, "%s", buf);
+ ret = fscanf(fp, "%255s", buf);
while (ret != EOF) {
key = strtok_r(buf, "=", &saveptr);
if (!key) {
- ret = fscanf(fp, "%s", buf);
+ ret = fscanf(fp, "%255s", buf);
continue;
}
value = strtok_r(NULL, "=", &saveptr);
if (!value) {
- ret = fscanf(fp, "%s", buf);
+ ret = fscanf(fp, "%255s", buf);
continue;
}
if (!strcmp(key, "path")) {
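Review bot: With `%255s` an over-long token in the options file is no longer an overflow, but it is now silently split: the first 255 bytes are parsed as `key=value`, and the tail is read by the next `fscanf` as a new token. For a `path=` entry this would mean a truncated directory is accepted as the statedump path (the `path` branch continues outside the hunk, so this is inferred). I would detect the cut and skip the whole word rather than parse part of it, as sketched below; it relies on `isspace`, so `<ctype.h>` must be available in this file. The same applies to the identical loop in the `gf_proc_dump_options_init` hunk. Separately, the literal `"%255s"` now appears six times and is tied to the size of `buf`, which is declared outside both hunks; one shared format macro next to the buffer size would keep them consistent.

```c
ret = fscanf(fp, "%255s", buf);
while (ret != EOF) {
    /* A token that fills the buffer may have been cut by the width limit;
     * the next byte shows whether more of the same word follows. */
    if (strlen(buf) == 255) {
        int next = fgetc(fp);
        if (next != EOF && !isspace(next)) {
            /* discard the rest of the over-long word instead of parsing it */
            while ((next = fgetc(fp)) != EOF && !isspace(next))
                ;
            ret = fscanf(fp, "%255s", buf);
            continue;
        }
    }
    key = strtok_r(buf, "=", &saveptr);
    /* … unchanged: key/value handling … */
```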
@@ -747,19 +747,19 @@ gf_proc_dump_options_init()
// swallow the errors if setting statedump file path is failed.
(void)gf_proc_dump_set_path(dump_option_file);
- ret = fscanf(fp, "%s", buf);
+ ret = fscanf(fp, "%255s", buf);
while (ret != EOF) {
key = strtok_r(buf, "=", &saveptr);
if (!key) {
- ret = fscanf(fp, "%s", buf);
+ ret = fscanf(fp, "%255s", buf);
continue;
}
value = strtok_r(NULL, "=", &saveptr);
if (!value) {
- ret = fscanf(fp, "%s", buf);
+ ret = fscanf(fp, "%255s", buf);
continue;
}