[LU-9835] Potential buffer overrun in jt_opt_threads() Created: 04/Aug/17  Updated: 27/Jul/19  Resolved: 27/Jul/19

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: Lustre 2.13.0

Type: Bug Priority: Minor
Reporter: Oleg Drokin Assignee: Oleg Drokin
Resolution: Fixed Votes: 0
Labels: None

Severity: 3
Rank (Obsolete): 9223372036854775807

 Description   

smatch highlighted:

        if (verbose != 0) {
                snprintf(cmdstr, sizeof(cmdstr), "%s", argv[4]);
                for (i = 5; i < argc; i++)
                        snprintf(cmdstr + strlen(cmdstr), sizeof(cmdstr),
                                 " %s", argv[i]);

                printf("%s: starting %ld threads on device %s running %s\n",
                       argv[0], threads, argv[3], cmdstr);
        }

Note how the other sprints inside of the for loop advances the cmdstr pointer, but dos not adjust the size of the string.
Really need to do sizeof(cmdstr) - strlen(cmdstr) there.

 Comments   
Comment by Gerrit Updater [ 04/Aug/17 ]

Oleg Drokin (oleg.drokin@intel.com) uploaded a new patch: https://review.whamcloud.com/28363
Subject: LU-9835 utils: Properly maintain remaining buffer length in jt_opt_threads
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: acffeca9de486d99098d3ed4b10ce838991367b6

Comment by Gerrit Updater [ 27/Jul/19 ]

Oleg Drokin (green@whamcloud.com) merged in patch https://review.whamcloud.com/28363/
Subject: LU-9835 utils: Properly maintain remaining buffer length in jt_opt_threads
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: bac36f90818d70c211a40bbae6849abb044319c7

Comment by Peter Jones [ 27/Jul/19 ]

Landed for 2.13

Generated at Sat Feb 10 02:29:42 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.