uncommit
authorSean Hefty <sean.hefty@intel.com>
Thu, 31 May 2012 22:03:09 +0000 (15:03 -0700)
committerSean Hefty <sean.hefty@intel.com>
Thu, 31 May 2012 22:03:09 +0000 (15:03 -0700)
meta
patches/ibacm-security-fix-replace-spr [new file with mode: 0644]

diff --git a/meta b/meta
index 9ac7ae6d00ab84791c6a70a258e3b6a13abc4b5c..7da898d9c400b03a55f6e9a1f2216441b944dc88 100644 (file)
--- a/meta
+++ b/meta
@@ -1,7 +1,8 @@
 Version: 1
-Previous: 4cdfd39abd917a6b8a7401319bfd6accedf58ef5
+Previous: ba8196e41661e26740c98797da61510b27dc6969
 Head: 5d8f3e29f8552ed33e63d57056f17abe2602632a
 Applied:
+  ibacm-security-fix-replace-spr: 5d8f3e29f8552ed33e63d57056f17abe2602632a
 Unapplied:
   rpm-fixes: 4b49580322ab1d58d339b24a26f8b220e0e92cb9
   dev-name2ip: 8e00708e882239292492e13aa51c82042255933c
diff --git a/patches/ibacm-security-fix-replace-spr b/patches/ibacm-security-fix-replace-spr
new file mode 100644 (file)
index 0000000..c41dcea
--- /dev/null
@@ -0,0 +1,81 @@
+Bottom: 94cf3ac2f65474e3ae10d0759a997a516a0f0222
+Top:    18781a75a9389459fd54f05e6690f13c88dca330
+Author: Dotan Barak <dotanb@dev.mellanox.co.il>
+Date:   2012-04-23 09:09:44 -0700
+
+ibacm: security fix replace sprintf with snprintf
+
+Replace sprintf with snprintf to protects from buffer overflow.
+
+Signed-off-by: Dotan Barak <dotanb@dev.mellanox.co.il>
+Reviewed-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
+Signed-off-by: Sean Hefty <sean.hefty@intel.com>
+
+
+---
+
+diff --git a/linux/acme_linux.c b/linux/acme_linux.c
+index 9477d29..1039645 100644
+--- a/linux/acme_linux.c
++++ b/linux/acme_linux.c
+@@ -53,7 +53,7 @@ get_pkey(struct ifreq *ifreq, uint16_t *pkey)
+       FILE *f;
+       int ret;
+-      sprintf(buf, "//sys//class//net//%s//pkey", ifreq->ifr_name);
++      snprintf(buf, sizeof buf, "//sys//class//net//%s//pkey", ifreq->ifr_name);
+       f = fopen(buf, "r");
+       if (!f) {
+               printf("failed to open %s\n", buf);
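Review bot: The snprintf() result in get_pkey is discarded, so a truncated sysfs path would go straight to fopen() and the error message would name a file that was never intended; the same applies to get_sgid in the next hunk. Whether truncation can occur depends on the size of `buf`, which is declared outside the hunk, relative to the fixed prefix plus the interface name. Capture the return value and reject overflow, for example `ret = snprintf(buf, sizeof buf, ...); if (ret < 0 || (size_t) ret >= sizeof buf) return -1;`, using whatever error value these functions already return. Both function bodies start and end outside their hunks.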
+@@ -79,7 +79,7 @@ get_sgid(struct ifreq *ifr, union ibv_gid *sgid)
+       FILE *f;
+       int i, p, ret;
+-      sprintf(buf, "//sys//class//net//%s//address", ifr->ifr_name);
++      snprintf(buf, sizeof buf, "//sys//class//net//%s//address", ifr->ifr_name);
+       f = fopen(buf, "r");
+       if (!f) {
+               printf("failed to open %s\n", buf);
+diff --git a/src/acm.c b/src/acm.c
+index 099e84e..376f294 100644
+--- a/src/acm.c
++++ b/src/acm.c
+@@ -268,7 +268,7 @@ acm_format_name(int level, char *name, size_t name_size,
+       case ACM_EP_INFO_PATH:
+               path = (struct ibv_path_record *) addr;
+               if (path->dlid) {
+-                      sprintf(name, "SLID(%u) DLID(%u)",
++                      snprintf(name, name_size, "SLID(%u) DLID(%u)",
+                               ntohs(path->slid), ntohs(path->dlid));
+               } else {
+                       acm_format_name(level, name, name_size, ACM_ADDRESS_GID,
+@@ -276,7 +276,7 @@ acm_format_name(int level, char *name, size_t name_size,
+               }
+               break;
+       case ACM_ADDRESS_LID:
+-              sprintf(name, "LID(%u)", ntohs(*((uint16_t *) addr)));
++              snprintf(name, name_size, "LID(%u)", ntohs(*((uint16_t *) addr)));
+               break;
+       default:
+               strcpy(name, "Unknown");
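Review bot: The `default:` branch still calls `strcpy(name, "Unknown")`, which ignores `name_size` even though the sprintf calls beside it are now bounded, so a caller passing a buffer shorter than 8 bytes is still overrun here. Replacing it with `snprintf(name, name_size, "Unknown");` makes every branch of acm_format_name honour the same limit. Separately, `*((uint16_t *) addr)` in the ACM_ADDRESS_LID case reads through a cast pointer. If `addr` can be an unaligned byte pointer, a `memcpy` into a local `uint16_t` would be safer, but its declaration is outside the hunk, so this needs confirming. The switch starts and ends outside this hunk.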
+@@ -3125,7 +3125,7 @@ static int acm_open_lock_file(void)
+               return -1;
+       }
+-      sprintf(pid, "%d\n", getpid());
++      snprintf(pid, sizeof pid, "%d\n", getpid());
+       write(lock_fd, pid, strlen(pid));
+       return 0;
+ }
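Review bot: `write(lock_fd, pid, strlen(pid))` ignores its return value, so a failed or short write leaves a lock file without a valid pid while acm_open_lock_file still returns 0. Checking it, for example `if (write(lock_fd, pid, strlen(pid)) != (ssize_t) strlen(pid)) return -1;`, would make the failure visible to the caller. Whether the descriptor should also be closed on that path depends on code above the hunk. The `pid` buffer is declared outside the hunk, so it is not visible here whether snprintf could truncate the trailing newline.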
+diff --git a/src/parse.c b/src/parse.c
+index 9a01afb..83ce843 100644
+--- a/src/parse.c
++++ b/src/parse.c
+@@ -52,7 +52,7 @@ static char *expand(char *basename, char *args, int *str_cnt, int *str_size)
+               }
+               while (from <= to) {
+-                      sprintf(buf, "%s%0*d", basename, width, from);
++                      snprintf(buf, sizeof buf, "%s%0*d", basename, width, from);
+                       str_buf = realloc(str_buf, size + strlen(buf)+1);
+                       strcpy(&str_buf[size], buf);