libmultipath: fixup string copy and comparison
authorHannes Reinecke <hare@suse.de>
Thu, 16 Jun 2016 08:38:04 +0000 (10:38 +0200)
committerHannes Reinecke <hare@suse.de>
Thu, 16 Jun 2016 08:38:04 +0000 (10:38 +0200)
When doing a strncpy or strncmp we need to omit the trailing
NULL in the length to avoid any possible overflow.
Found by coverity.

Signed-off-by: Hannes Reinecke <hare@suse.com>
libmpathpersist/mpath_persist.c
libmultipath/configure.c
libmultipath/dmparser.c
libmultipath/prio.c
libmultipath/structs_vec.c
libmultipath/waiter.c

index b23e116..d2c3e53 100644 (file)
@@ -375,7 +375,8 @@ get_mpvec (vector curmp, vector pathvec, char * refwwid)
                /*
                 * discard out of scope maps
                 */
-               if (mpp->alias && refwwid && strncmp (mpp->alias, refwwid, WWID_SIZE)){
+               if (mpp->alias && refwwid &&
+                   strncmp (mpp->alias, refwwid, WWID_SIZE - 1)){
                        free_multipath (mpp, KEEP_PATHS);
                        vector_del_slot (curmp, i);
                        i--;
@@ -485,7 +486,8 @@ int mpath_prout_reg(struct multipath *mpp,int rq_servact, int rq_scope,
                                condlog (1, "%s: %s path not up. Skip.", mpp->wwid, pp->dev);
                                continue;
                        }
-                       strncpy(thread[count].param.dev, pp->dev, FILE_NAME_SIZE);
+                       strncpy(thread[count].param.dev, pp->dev,
+                               FILE_NAME_SIZE - 1);
 
                        if (count && (thread[count].param.paramp->sa_flags & MPATH_F_SPEC_I_PT_MASK)){
                                /*
@@ -602,7 +604,7 @@ int send_prout_activepath(char * dev, int rq_servact, int rq_scope,
        int rc;
 
        memset(&thread, 0, sizeof(thread));
-       strncpy(param.dev, dev, FILE_NAME_SIZE);
+       strncpy(param.dev, dev, FILE_NAME_SIZE - 1);
        /* Initialize and set thread joinable attribute */
        pthread_attr_init(&attr);
        pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE);
@@ -670,7 +672,8 @@ int mpath_prout_rel(struct multipath *mpp,int rq_servact, int rq_scope,
                                continue;
                        }
 
-                       strncpy(thread[count].param.dev, pp->dev, FILE_NAME_SIZE);
+                       strncpy(thread[count].param.dev, pp->dev,
+                               FILE_NAME_SIZE - 1);
                        condlog (3, "%s: sending pr out command to %s", mpp->wwid, pp->dev);
                        rc = pthread_create (&thread[count].id, &attr, mpath_prout_pthread_fn,
                                        (void *) (&thread[count].param));
index a4a2c44..8e938c0 100644 (file)
@@ -65,7 +65,7 @@ int group_by_host_adapter(struct pathgroup *pgp, vector adapters)
                        goto out;
                agp->pgp = pgp;
 
-               strncpy(agp->adapter_name, adapter_name1, SLOT_NAME_SIZE);
+               strncpy(agp->adapter_name, adapter_name1, SLOT_NAME_SIZE - 1);
                store_adaptergroup(adapters, agp);
 
                /* create a new host port group
@@ -395,7 +395,7 @@ select_action (struct multipath * mpp, vector curmp, int force_reload)
                if (cmpp) {
                        condlog(2, "%s: rename %s to %s", mpp->wwid,
                                cmpp->alias, mpp->alias);
-                       strncpy(mpp->alias_old, cmpp->alias, WWID_SIZE);
+                       strncpy(mpp->alias_old, cmpp->alias, WWID_SIZE - 1);
                        mpp->action = ACT_RENAME;
                        if (force_reload)
                                mpp->action = ACT_FORCERENAME;
@@ -410,7 +410,7 @@ select_action (struct multipath * mpp, vector curmp, int force_reload)
        if (!cmpp) {
                condlog(2, "%s: remove (wwid changed)", mpp->alias);
                dm_flush_map(mpp->alias);
-               strncpy(cmpp_by_name->wwid, mpp->wwid, WWID_SIZE);
+               strncpy(cmpp_by_name->wwid, mpp->wwid, WWID_SIZE - 1);
                drop_multipath(curmp, cmpp_by_name->wwid, KEEP_PATHS);
                mpp->action = ACT_CREATE;
                condlog(3, "%s: set ACT_CREATE (map wwid change)",
@@ -770,7 +770,7 @@ coalesce_paths (struct vectors * vecs, vector newmp, char * refwwid, int force_r
                }
 
                /* 4. path is out of scope */
-               if (refwwid && strncmp(pp1->wwid, refwwid, WWID_SIZE))
+               if (refwwid && strncmp(pp1->wwid, refwwid, WWID_SIZE - 1))
                        continue;
 
                /* If find_multipaths was selected check if the path is valid */
@@ -896,7 +896,7 @@ coalesce_paths (struct vectors * vecs, vector newmp, char * refwwid, int force_r
                        if (!deadmap(mpp))
                                continue;
 
-                       strncpy(alias, mpp->alias, WWID_SIZE);
+                       strncpy(alias, mpp->alias, WWID_SIZE - 1);
 
                        if ((j = find_slot(newmp, (void *)mpp)) != -1)
                                vector_del_slot(newmp, j);
index 289be89..98fb559 100644 (file)
@@ -344,10 +344,11 @@ disassemble_map (vector pathvec, char * params, struct multipath * mpp)
                                if (!pp)
                                        goto out1;
 
-                               strncpy(pp->dev_t, word, BLK_DEV_SIZE);
-                               strncpy(pp->dev, devname, FILE_NAME_SIZE);
+                               strncpy(pp->dev_t, word, BLK_DEV_SIZE - 1);
+                               strncpy(pp->dev, devname, FILE_NAME_SIZE - 1);
                                if (strlen(mpp->wwid)) {
-                                       strncpy(pp->wwid, mpp->wwid, WWID_SIZE);
+                                       strncpy(pp->wwid, mpp->wwid,
+                                               WWID_SIZE - 1);
                                }
                                /* Only call this in multipath client mode */
                                if (!conf->daemon && store_path(pathvec, pp))
@@ -355,7 +356,8 @@ disassemble_map (vector pathvec, char * params, struct multipath * mpp)
                        } else {
                                if (!strlen(pp->wwid) &&
                                    strlen(mpp->wwid))
-                                       strncpy(pp->wwid, mpp->wwid, WWID_SIZE);
+                                       strncpy(pp->wwid, mpp->wwid,
+                                               WWID_SIZE - 1);
                        }
                        FREE(word);
 
@@ -367,14 +369,16 @@ disassemble_map (vector pathvec, char * params, struct multipath * mpp)
                         * in the get_dm_mpvec() code path
                         */
                        if (!strlen(mpp->wwid))
-                               strncpy(mpp->wwid, pp->wwid, WWID_SIZE);
+                               strncpy(mpp->wwid, pp->wwid,
+                                       WWID_SIZE - 1);
 
                        /*
                         * Update wwid for paths which may not have been
                         * active at the time the getuid callout was run
                         */
                        else if (!strlen(pp->wwid))
-                               strncpy(pp->wwid, mpp->wwid, WWID_SIZE);
+                               strncpy(pp->wwid, mpp->wwid,
+                                       WWID_SIZE - 1);
 
                        pgp->id ^= (long)pp;
                        pp->pgindex = i + 1;
index ab8eca9..fbf3190 100644 (file)
@@ -158,7 +158,7 @@ void prio_get (struct prio * dst, char * name, char * args)
 
        strncpy(dst->name, src->name, PRIO_NAME_LEN);
        if (args)
-               strncpy(dst->args, args, PRIO_ARGS_LEN);
+               strncpy(dst->args, args, PRIO_ARGS_LEN - 1);
        dst->getprio = src->getprio;
        dst->handle = NULL;
 
index 7d46d42..e992b54 100644 (file)
@@ -447,8 +447,8 @@ find_existing_alias (struct multipath * mpp,
        int i;
 
        vector_foreach_slot (vecs->mpvec, mp, i)
-               if (strcmp(mp->wwid, mpp->wwid) == 0) {
-                       strncpy(mpp->alias_old, mp->alias, WWID_SIZE);
+               if (strncmp(mp->wwid, mpp->wwid, WWID_SIZE - 1) == 0) {
+                       strncpy(mpp->alias_old, mp->alias, WWID_SIZE - 1);
                        return;
                }
 }
index 7cedd4b..6937034 100644 (file)
@@ -191,7 +191,7 @@ int start_waiter_thread (struct multipath *mpp, struct vectors *vecs)
        if (!wp)
                goto out;
 
-       strncpy(wp->mapname, mpp->alias, WWID_SIZE);
+       strncpy(wp->mapname, mpp->alias, WWID_SIZE - 1);
        wp->vecs = vecs;
 
        if (pthread_create(&wp->thread, &waiter_attr, waitevent, wp)) {