From 1b1a30c23fe4911489c6fab6785c5b8fba45bbd6 Mon Sep 17 00:00:00 2001 From: Sean Hefty Date: Thu, 31 May 2012 15:46:07 -0700 Subject: [PATCH] commit --- meta | 3 +- patches/ibacm-security-fix-replace-spr | 81 -------------------------- 2 files changed, 1 insertion(+), 83 deletions(-) delete mode 100644 patches/ibacm-security-fix-replace-spr diff --git a/meta b/meta index 554b871..5b182a8 100644 --- a/meta +++ b/meta @@ -1,8 +1,7 @@ Version: 1 -Previous: d6c0d14ac9d21fd6e100c8e5a60480342ce5427b +Previous: d0899983de533adab22cccbd0800e0707442f409 Head: e3d3b848ce507224ecb5d72d9a6e02c2978a7d91 Applied: - ibacm-security-fix-replace-spr: e3d3b848ce507224ecb5d72d9a6e02c2978a7d91 Unapplied: subnet-timeout: 38fd77602906466a2dfe7d35abe0d250ddb8c981 dev-name2ip: 8e00708e882239292492e13aa51c82042255933c diff --git a/patches/ibacm-security-fix-replace-spr b/patches/ibacm-security-fix-replace-spr deleted file mode 100644 index 79a4500..0000000 --- a/patches/ibacm-security-fix-replace-spr +++ /dev/null @@ -1,81 +0,0 @@ -Bottom: 0a154427ec6f2d8d3bfc7b11d394a4d72b5adfc5 -Top: a971239f22e61016c756021263852a291c5f5953 -Author: Dotan Barak -Date: 2012-04-23 09:09:44 -0700 - -ibacm: security fix replace sprintf with snprintf - -Replace sprintf with snprintf to protects from buffer overflow. - -Signed-off-by: Dotan Barak -Reviewed-by: Jack Morgenstein -Signed-off-by: Sean Hefty - - ---- - -diff --git a/linux/acme_linux.c b/linux/acme_linux.c -index 9477d29..1039645 100644 ---- a/linux/acme_linux.c -+++ b/linux/acme_linux.c -@@ -53,7 +53,7 @@ get_pkey(struct ifreq *ifreq, uint16_t *pkey) - FILE *f; - int ret; - -- sprintf(buf, "//sys//class//net//%s//pkey", ifreq->ifr_name); -+ snprintf(buf, sizeof buf, "//sys//class//net//%s//pkey", ifreq->ifr_name); - f = fopen(buf, "r"); - if (!f) { - printf("failed to open %s\n", buf); -@@ -79,7 +79,7 @@ get_sgid(struct ifreq *ifr, union ibv_gid *sgid) - FILE *f; - int i, p, ret; - -- sprintf(buf, "//sys//class//net//%s//address", ifr->ifr_name); -+ snprintf(buf, sizeof buf, "//sys//class//net//%s//address", ifr->ifr_name); - f = fopen(buf, "r"); - if (!f) { - printf("failed to open %s\n", buf); -diff --git a/src/acm.c b/src/acm.c -index 099e84e..376f294 100644 ---- a/src/acm.c -+++ b/src/acm.c -@@ -268,7 +268,7 @@ acm_format_name(int level, char *name, size_t name_size, - case ACM_EP_INFO_PATH: - path = (struct ibv_path_record *) addr; - if (path->dlid) { -- sprintf(name, "SLID(%u) DLID(%u)", -+ snprintf(name, name_size, "SLID(%u) DLID(%u)", - ntohs(path->slid), ntohs(path->dlid)); - } else { - acm_format_name(level, name, name_size, ACM_ADDRESS_GID, -@@ -276,7 +276,7 @@ acm_format_name(int level, char *name, size_t name_size, - } - break; - case ACM_ADDRESS_LID: -- sprintf(name, "LID(%u)", ntohs(*((uint16_t *) addr))); -+ snprintf(name, name_size, "LID(%u)", ntohs(*((uint16_t *) addr))); - break; - default: - strcpy(name, "Unknown"); -@@ -3125,7 +3125,7 @@ static int acm_open_lock_file(void) - return -1; - } - -- sprintf(pid, "%d\n", getpid()); -+ snprintf(pid, sizeof pid, "%d\n", getpid()); - write(lock_fd, pid, strlen(pid)); - return 0; - } -diff --git a/src/parse.c b/src/parse.c -index 9a01afb..83ce843 100644 ---- a/src/parse.c -+++ b/src/parse.c -@@ -52,7 +52,7 @@ static char *expand(char *basename, char *args, int *str_cnt, int *str_size) - } - - while (from <= to) { -- sprintf(buf, "%s%0*d", basename, width, from); -+ snprintf(buf, sizeof buf, "%s%0*d", basename, width, from); - str_buf = realloc(str_buf, size + strlen(buf)+1); - strcpy(&str_buf[size], buf); -- 2.46.0