1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
|
Upstream-Status: Inappropriate [Backport]
From 2636bf1da17720fc99b14cf4db33f1d1a4c9e0ee Mon Sep 17 00:00:00 2001
From: Eduardo Silva <eduardo.silva@oracle.com>
Date: Mon, 7 Feb 2011 08:55:04 -0300
Subject: [PATCH 02/15] Btrfs-progs use safe string manipulation functions
Signed-off-by: Eduardo Silva <eduardo.silva@oracle.com>
Signed-off-by: Chris Mason <chris.mason@oracle.com>
---
btrfs_cmds.c | 14 +++++++-------
btrfsctl.c | 2 +-
convert.c | 2 +-
utils.c | 9 +++++----
4 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/btrfs_cmds.c b/btrfs_cmds.c
index 8031c58..fffb423 100644
--- a/btrfs_cmds.c
+++ b/btrfs_cmds.c
@@ -375,7 +375,7 @@ int do_clone(int argc, char **argv)
printf("Create a snapshot of '%s' in '%s/%s'\n",
subvol, dstdir, newname);
args.fd = fd;
- strcpy(args.name, newname);
+ strncpy(args.name, newname, BTRFS_PATH_NAME_MAX);
res = ioctl(fddst, BTRFS_IOC_SNAP_CREATE, &args);
close(fd);
@@ -436,7 +436,7 @@ int do_delete_subvolume(int argc, char **argv)
}
printf("Delete subvolume '%s/%s'\n", dname, vname);
- strcpy(args.name, vname);
+ strncpy(args.name, vname, BTRFS_PATH_NAME_MAX);
res = ioctl(fd, BTRFS_IOC_SNAP_DESTROY, &args);
close(fd);
@@ -490,7 +490,7 @@ int do_create_subvol(int argc, char **argv)
}
printf("Create subvolume '%s/%s'\n", dstdir, newname);
- strcpy(args.name, newname);
+ strncpy(args.name, newname, BTRFS_PATH_NAME_MAX);
res = ioctl(fddst, BTRFS_IOC_SUBVOL_CREATE, &args);
close(fddst);
@@ -553,7 +553,7 @@ int do_scan(int argc, char **argv)
printf("Scanning for Btrfs filesystems in '%s'\n", argv[i]);
- strcpy(args.name, argv[i]);
+ strncpy(args.name, argv[i], BTRFS_PATH_NAME_MAX);
/*
* FIXME: which are the error code returned by this ioctl ?
* it seems that is impossible to understand if there no is
@@ -593,7 +593,7 @@ int do_resize(int argc, char **argv)
}
printf("Resize '%s' of '%s'\n", path, amount);
- strcpy(args.name, amount);
+ strncpy(args.name, amount, BTRFS_PATH_NAME_MAX);
res = ioctl(fd, BTRFS_IOC_RESIZE, &args);
close(fd);
if( res < 0 ){
@@ -736,7 +736,7 @@ int do_add_volume(int nargs, char **args)
}
close(devfd);
- strcpy(ioctl_args.name, args[i]);
+ strncpy(ioctl_args.name, args[i], BTRFS_PATH_NAME_MAX);
res = ioctl(fdmnt, BTRFS_IOC_ADD_DEV, &ioctl_args);
if(res<0){
fprintf(stderr, "ERROR: error adding the device '%s'\n", args[i]);
@@ -792,7 +792,7 @@ int do_remove_volume(int nargs, char **args)
struct btrfs_ioctl_vol_args arg;
int res;
- strcpy(arg.name, args[i]);
+ strncpy(arg.name, args[i], BTRFS_PATH_NAME_MAX);
res = ioctl(fdmnt, BTRFS_IOC_RM_DEV, &arg);
if(res<0){
fprintf(stderr, "ERROR: error removing the device '%s'\n", args[i]);
diff --git a/btrfsctl.c b/btrfsctl.c
index 92bdf39..adfa519 100644
--- a/btrfsctl.c
+++ b/btrfsctl.c
@@ -237,7 +237,7 @@ int main(int ac, char **av)
}
if (name)
- strcpy(args.name, name);
+ strncpy(args.name, name, BTRFS_PATH_NAME_MAX + 1);
else
args.name[0] = '\0';
diff --git a/convert.c b/convert.c
index d037c98..fbcf4a3 100644
--- a/convert.c
+++ b/convert.c
@@ -857,7 +857,7 @@ static int copy_single_xattr(struct btrfs_trans_handle *trans,
data = databuf;
datalen = bufsize;
}
- strcpy(namebuf, xattr_prefix_table[name_index]);
+ strncpy(namebuf, xattr_prefix_table[name_index], XATTR_NAME_MAX);
strncat(namebuf, EXT2_EXT_ATTR_NAME(entry), entry->e_name_len);
if (name_len + datalen > BTRFS_LEAF_DATA_SIZE(root) -
sizeof(struct btrfs_item) - sizeof(struct btrfs_dir_item)) {
diff --git a/utils.c b/utils.c
index fd894f3..96ef94d 100644
--- a/utils.c
+++ b/utils.c
@@ -108,7 +108,7 @@ int make_btrfs(int fd, const char *device, const char *label,
btrfs_set_super_csum_type(&super, BTRFS_CSUM_TYPE_CRC32);
btrfs_set_super_chunk_root_generation(&super, 1);
if (label)
- strcpy(super.label, label);
+ strncpy(super.label, label, BTRFS_LABEL_SIZE - 1);
buf = malloc(sizeof(*buf) + max(sectorsize, leafsize));
@@ -828,7 +828,7 @@ void btrfs_register_one_device(char *fname)
"skipping device registration\n");
return;
}
- strcpy(args.name, fname);
+ strncpy(args.name, fname, BTRFS_PATH_NAME_MAX);
ret = ioctl(fd, BTRFS_IOC_SCAN_DEV, &args);
close(fd);
}
@@ -971,6 +971,7 @@ static char *size_strs[] = { "", "KB", "MB", "GB", "TB",
char *pretty_sizes(u64 size)
{
int num_divs = 0;
+ int pretty_len = 16;
u64 last_size = size;
u64 fract_size = size;
float fraction;
@@ -988,8 +989,8 @@ char *pretty_sizes(u64 size)
return NULL;
fraction = (float)fract_size / 1024;
- pretty = malloc(16);
- sprintf(pretty, "%.2f%s", fraction, size_strs[num_divs-1]);
+ pretty = malloc(pretty_len);
+ snprintf(pretty, pretty_len, "%.2f%s", fraction, size_strs[num_divs-1]);
return pretty;
}
--
1.7.2.3
|