diff options
author | Lee Duncan <lduncan@suse.com> | 2018-03-21 18:59:40 -0700 |
---|---|---|
committer | Lee Duncan <lduncan@suse.com> | 2018-03-21 18:59:40 -0700 |
commit | 47de9586abd04e412e53232c88d7b1c8f89034f6 (patch) | |
tree | 1f7d99b3de7968a67fc7657dbb50bc7f0680cf02 | |
parent | af02412d3dd3839441ae48e2c9f9c307889d5fc1 (diff) | |
download | open-iscsi-47de9586abd04e412e53232c88d7b1c8f89034f6.tar.gz |
Ensure sysfs pathname doesn't overflow.
When instantiating a pathname in sysfs, make sure there's enough
room to prevent possible overflow.
Found by gcc-8, which gave this warning:
> [ 13s] iscsi_sysfs.c: In function 'iscsi_sysfs_for_each_device':
> [ 13s] iscsi_sysfs.c:1822:44: warning: '%s' directive output may
> be truncated writing up to 511 bytes into a region of size
> between 1 and 512 [-Wformat-truncation=]
> [ 13s] snprintf(path_full, sizeof(path_full), "%s%s/device/target%d:0:%d",
> [ 13s] ^~
> [ 13s] sysfs_path, devpath, host_no, target);
> [ 13s] ~~~~~~~
> [ 13s] iscsi_sysfs.c:1822:41: note: using the range
> [-2147483648, 2147483647] for directive argument
> [ 13s] snprintf(path_full, sizeof(path_full), "%s%s/device/target%d:0:%d",
> [ 13s] ^~~~~~~~~~~~~~~~~~~~~~~~~~~
-rw-r--r-- | usr/iscsi_sysfs.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/usr/iscsi_sysfs.c b/usr/iscsi_sysfs.c index 031ac1d..a510694 100644 --- a/usr/iscsi_sysfs.c +++ b/usr/iscsi_sysfs.c @@ -1806,7 +1806,7 @@ int iscsi_sysfs_for_each_device(void *data, int host_no, uint32_t sid, int h, b, t, l, i, n, err = 0, target; char devpath[PATH_SIZE]; char id[NAME_SIZE]; - char path_full[PATH_SIZE]; + char path_full[3*PATH_SIZE]; target = get_target_no_from_sid(sid, &err); if (err) @@ -1821,6 +1821,13 @@ int iscsi_sysfs_for_each_device(void *data, int host_no, uint32_t sid, snprintf(path_full, sizeof(path_full), "%s%s/device/target%d:0:%d", sysfs_path, devpath, host_no, target); + + if (strlen(path_full) > PATH_SIZE) { + log_debug(3, "Could not lookup devpath for %s %s (too long)", + ISCSI_SESSION_SUBSYS, id); + return ISCSI_ERR_SYSFS_LOOKUP; + } + n = scandir(path_full, &namelist, trans_filter, alphasort); if (n <= 0) |