On 06/02/2011 04:29 PM, Ivana Hutarova Varekova wrote:
> The function cg_build_path is internal now. All calls of it (there is one
> exception - cgroup_fill_cgc function which uses FILENAME_MAX+1, fixed now too)
> have the limited second parameter buffer to FILENAME_MAX.
>
> cg_build_path copies to this buffer, but there was no limitation of the size
> of the copied buffer.
> This is fixed in the patch.
>
> Signed-off-by: Ivana Hutarova Varekova <varek...@redhat.com>

Acked-By: Jan Safranek <jsafr...@redhat.com>

Also, I'm going to merge it shortly.
> --- > > src/api.c | 14 ++++++++------ > 1 files changed, 8 insertions(+), 6 deletions(-) > > diff --git a/src/api.c b/src/api.c > index 53c76e8..d5cc94f 100644 > --- a/src/api.c > +++ b/src/api.c > @@ -993,22 +993,22 @@ static inline pid_t cg_gettid(void) > > > /* Call with cg_mount_table_lock taken */ > +/* path value have to have size at least FILENAME_MAX */ > static char *cg_build_path_locked(const char *name, char *path, > const char *type) > { > int i; > for (i = 0; cg_mount_table[i].name[0] != '\0'; i++) { > - /* > - * XX: Change to snprintf once you figure what n should be > - */ > if (strcmp(cg_mount_table[i].name, type) == 0) { > if (cg_namespace_table[i]) { > - sprintf(path, "%s/%s/", > + snprintf(path, FILENAME_MAX, "%s/%s/", > cg_mount_table[i].mount.path, > cg_namespace_table[i]); > + path[FILENAME_MAX-1] = '\0'; > } else { > - sprintf(path, "%s/", > + snprintf(path, FILENAME_MAX, "%s/", > cg_mount_table[i].mount.path); > + path[FILENAME_MAX-1] = '\0'; > } > > if (name) { 
> @@ -1017,7 +1017,9 @@ static char *cg_build_path_locked(const char *name, > char *path, > > /* FIXME: missing OOM check here! */ > > - sprintf(path, "%s%s/", tmp, name); > + snprintf(path, FILENAME_MAX, "%s%s/", > + tmp, name); > + path[FILENAME_MAX-1] = '\0'; > free(tmp); > } > return path;

_______________________________________________
Libcg-devel mailing list
Libcg-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libcg-devel
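
Review bot: In the first hunk (@@ -993), the return value of both snprintf calls is discarded, so a mount path plus namespace that does not fit in FILENAME_MAX is silently truncated and the function still returns path as if it were complete. Check for a negative result or a result >= FILENAME_MAX and fail (for example by returning NULL) so that callers never operate on a truncated cgroup path. The added path[FILENAME_MAX-1] = '\0'; lines are redundant, because snprintf with a non-zero size always NUL-terminates. The new comment documents the buffer requirement but nothing enforces it; taking the buffer size as a parameter would remove the dependency on every caller passing a FILENAME_MAX buffer, and the comment would read better as "path must point to a buffer of at least FILENAME_MAX bytes".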
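
Review bot: In the second hunk (@@ -1017), the unchanged context still carries /* FIXME: missing OOM check here! */, and tmp goes into the "%s" conversion unchecked; bounding the write does not help if the allocation behind tmp failed, since a NULL argument for "%s" is undefined behaviour. As the patch already touches this statement, add the NULL check before formatting and return an error instead. The snprintf result is ignored here as well, so an over-long name is cut off silently; treat a result >= FILENAME_MAX as a failure, freeing tmp before returning.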