https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-2074 Lustre <p>Thanks to the Coverity tool, we found some 'security best practices violations' in the Lustre code, and more specifically cases of copy into fixed size buffer.<br/> This is typically where we should use strlcpy() instead of strcpy() or strlcat() instead of strcat() because the size of the source buffer is not known.</p> <p>I will propose a patch to address the issues.</p> LU-2074

Fix 'copy into fixed size buffer' errors

Technical task LU-2753 Minor Resolved Fixed Keith Mannthey Sebastien Buisson build coverity ptr Tue, 2 Oct 2012 10:44:02 +0000 Tue, 1 Oct 2013 13:58:55 +0000 Tue, 1 Oct 2013 13:58:55 +0000 Lustre 2.4.0 Lustre 2.1.3 Lustre 2.5.0 0 5 <p>The patch is available here:</p> <p><a href="http://review.whamcloud.com/4154" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/4154</a></p> <p>Could you please review it?</p> <p>I will take a look at it. </p> <p>Sabastien as per our discussion in review. </p> <p>I will look in the compilation issue. Lustre has both kernel and userspace context I will look around and see what the issue is. </p> <p>Is it safe to say that:<br/> In general the spots that Coverity found have unsafe data types where the receiving buffer may be smaller then the sending buffer? I agree char * can be vague. As mentioned some spots are safe and not identified by the tool and we are protecting against overflows where we will go and trample on neighboring data. What this patch seems to be attempting to do is truncate the message down to the receiving message size. </p> <p>What happens when a message does get truncated? Likely a user of the data will have a random failure as the data is incomplete. Some data is lost. I would agree that truncation is better than overflow and random corruption. It seems there is at least a 3rd option which is audit and see if some of these tricky situations can be resolved through fundamental code changes and tricky spots add level of checking and add E2BIG errors when we will truncate. If we stop fitting into the receiving buffers I would rather we raise an error and stop than continue on with only part of the data.</p> <p>Does this seem reasonable? </p> <p>The initial purpose of the patch was to avoid some buffer overflow issues found by Coverity. But I agree we could try to detect cases of truncation, and return an E2BIG error instead of continuing with partial data.<br/> Hopefully strlcpy() and strlcat() make truncation detection easy. Please tell me if you can find out what is going on with the compilation issue.</p> <p>Cheers,<br/> Sebastien.</p> <p>This issue is blocked on a build issue. <br/> <a href="http://jira.whamcloud.com/browse/LU-2662" class="external-link" rel="nofollow">http://jira.whamcloud.com/browse/LU-2662</a></p> <p>The usage of strlcpy function brings additionally dependencies to userspace binaries. The following patch is required to build without error. I think it's a bad idea to use this function and add additional dependencies.</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>diff --git a/lnet/utils/Makefile.am b/lnet/utils/Makefile.am index f11a21a..6c01d7a 100644 --- a/lnet/utils/Makefile.am +++ b/lnet/utils/Makefile.am @@ -70,17 +70,17 @@ endif wirecheck_SOURCES = wirecheck.c ptlctl_SOURCES = ptlctl.c -ptlctl_LDADD = -L. -lptlctl $(LIBCFSUTIL) $(LIBCFS) $(LIBREADLINE) $(LIBEFENCE) +ptlctl_LDADD = -L. -lptlctl $(LIBCFSUTIL) $(LIBCFS) $(LIBREADLINE) $(LIBEFENCE) $(PTHREAD_LIBS) ptlctl_DEPENDENCIES = libptlctl.a routerstat_SOURCES = routerstat.c debugctl_SOURCES = debugctl.c -debugctl_LDADD = -L. -lptlctl $(LIBCFSUTIL) $(LIBREADLINE) $(LIBEFENCE) +debugctl_LDADD = -L. -lptlctl $(LIBCFSUTIL) $(LIBCFS) $(LIBREADLINE) $(LIBEFENCE) $(PTHREAD_LIBS) debugctl_DEPENDENCIES = libptlctl.a lst_SOURCES = lst.c -lst_LDADD = -L. -lptlctl $(LIBCFSUTIL) $(LIBCFS) $(LIBREADLINE) $(LIBEFENCE) +lst_LDADD = -L. -lptlctl $(LIBCFSUTIL) $(LIBCFS) $(LIBREADLINE) $(LIBEFENCE) $(PTHREAD_LIBS) lst_DEPENDENCIES = libptlctl.a LND_LIBS = diff --git a/lustre/utils/Makefile.am b/lustre/utils/Makefile.am index 23bde35..a500d67 100644 --- a/lustre/utils/Makefile.am +++ b/lustre/utils/Makefile.am @@ -58,7 +58,7 @@ lustre_rsync_LDADD := liblustreapi.a $(LIBPTLCTL) $(PTHREAD_LIBS) $(LIBREADLINE lustre_rsync_DEPENDENCIES := $(LIBPTLCTL) liblustreapi.a ll_recover_lost_found_objs_SOURCES = ll_recover_lost_found_objs.c -ll_recover_lost_found_objs_LDADD := $(LIBPTLCTL) +ll_recover_lost_found_objs_LDADD := $(LIBPTLCTL) $(PTHREAD_LIBS) ll_recover_lost_found_objs_DEPENDENCIES := $(LIBPTLCTL) lshowmount_SOURCES = lshowmount.c nidlist.c nidlist.h @@ -118,14 +118,14 @@ obdbarrier_SOURCES = obdbarrier.c obdiolib.c obdiolib.h req_layout_SOURCES = req-layout.c llog_reader_SOURCES = llog_reader.c -llog_reader_LDADD := $(LIBPTLCTL) +llog_reader_LDADD := $(LIBPTLCTL) $(PTHREAD_LIBS) llog_reader_DEPENDENCIES := $(LIBPTLCTL) lr_reader_SOURCES = lr_reader.c mount_lustre_SOURCES = mount_lustre.c mount_utils.c mount_utils.h mount_lustre_CPPFLAGS = $(AM_CPPFLAGS) -mount_lustre_LDADD := $(LIBPTLCTL) +mount_lustre_LDADD := $(LIBPTLCTL) $(PTHREAD_LIBS) mount_lustre_DEPENDENCIES := $(LIBPTLCTL) if LDISKFS_ENABLED mount_lustre_SOURCES += mount_utils_ldiskfs.c @@ -139,7 +139,7 @@ endif mkfs_lustre_SOURCES = mkfs_lustre.c mount_utils.c mount_utils.h mkfs_lustre_CPPFLAGS = -UTUNEFS $(AM_CPPFLAGS) -mkfs_lustre_LDADD := $(LIBPTLCTL) +mkfs_lustre_LDADD := $(LIBPTLCTL) $(PTHREAD_LIBS) mkfs_lustre_DEPENDENCIES := $(LIBPTLCTL) if LDISKFS_ENABLED mkfs_lustre_SOURCES += mount_utils_ldiskfs.c @@ -168,10 +168,12 @@ tunefs_lustre_LDFLAGS = -pthread -rdynamic -ldl endif l_getidentity_SOURCES = l_getidentity.c -l_getidentity_LDADD := $(LIBPTLCTL) +l_getidentity_LDADD := $(LIBPTLCTL) $(PTHREAD_LIBS) l_getidentity_DEPENDENCIES := $(LIBPTLCTL) ltrack_stats_SOURCES = ltrack_stats.c +ltrack_stats_LDADD := $(LIBPTLCTL) $(PTHREAD_LIBS) +ltrack_stats_DEPENDENCIES := $(LIBPTLCTL) EXTRA_DIST = $(sbin_scripts) $(bin_scripts) diff --git a/lustre/utils/ltrack_stats.c b/lustre/utils/ltrack_stats.c index eed0fcc..de5a3d6 100644 --- a/lustre/utils/ltrack_stats.c +++ b/lustre/utils/ltrack_stats.c @@ -45,7 +45,9 @@ #include &lt;signal.h&gt; #include &lt;string.h&gt; #include &lt;stdlib.h&gt; +#include &lt;errno.h&gt; +extern size_t strlcpy(char *dst, const char *src, size_t len); #define TRACK_BY_GID 0 #define TRACK_BY_PPID 1 </pre> </div></div> <p>Dmitry, Can you confirm that patch works for lbuild and this 2074 patch?<br/> I have been able to build local before just not in the lbuild/autotest framework. </p> <p>Patch Set 16: Verified<br/> Build Successful <br/> <a href="http://build.whamcloud.com/job/lustre-reviews/16913/" class="external-link" target="_blank" rel="nofollow noopener">http://build.whamcloud.com/job/lustre-reviews/16913/</a> : SUCCESS</p> <p>Landed for 2.5.0</p> Development Rank 1|hzv4wn: Rank (Obsolete) 4328