From: Adam C. Emerson <aemerson@redhat.com>
Date: Tue, 8 May 2018 20:42:56 +0000 (-0400)
Subject: blkdev: Check return of snprintf and error on truncation
X-Git-Tag: v14.0.0~162^2~15
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=1683aed5395fb2c195a25715a3dedb83db871fc1;p=ceph.git

blkdev: Check return of snprintf and error on truncation

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
---

diff --git a/src/common/blkdev.cc b/src/common/blkdev.cc
index 2e32b9dc969a..0cd5bafd2acf 100644
--- a/src/common/blkdev.cc
+++ b/src/common/blkdev.cc
@@ -89,7 +89,10 @@ int get_block_device_base(const char *dev, char *out, size_t out_len)
     if (*p == '/')
       *p = '!';
 
-  snprintf(fn, sizeof(fn), "%s/sys/block/%s", sandbox_dir, devname);
+  if (static_cast<size_t>(snprintf(fn, sizeof(fn), "%s/sys/block/%s",
+                                   sandbox_dir, devname))
+      >= sizeof(fn))
+    return -ERANGE;
   if (stat(fn, &st) == 0) {
     if (strlen(devname) + 1 > out_len) {
       return -ERANGE;
@@ -107,8 +110,10 @@ int get_block_device_base(const char *dev, char *out, size_t out_len)
   while ((de = ::readdir(dir))) {
     if (de->d_name[0] == '.')
       continue;
-    snprintf(fn, sizeof(fn), "%s/sys/block/%s/%s", sandbox_dir, de->d_name,
-	     devname);
+    if (static_cast<size_t>(snprintf(fn, sizeof(fn), "%s/sys/block/%s/%s",
+                                     sandbox_dir, de->d_name,
+                                     devname)) >= sizeof(fn))
+      return -ERANGE;
 
     if (stat(fn, &st) == 0) {
       // match!