Print this page
NEX-9323 cfgadm FC plugin allocates insufficient memory for internal
buffers
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
*** 18,33 ****
--- 18,35 ----
*
* CDDL HEADER END
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include <libgen.h>
+ #include <limits.h>
#include "cfga_fp.h"
/* The following are used by update_fabric_wwn_list() */
#define COPY_EXT ".cpy." /* Extn used in naming backup file */
#define TMP_EXT ".tmp." /* Extn used in naming temp file */
*** 220,229 ****
--- 222,232 ----
update_fabric_wwn_list(int cmd, const char *update_str, char **errstring)
{
int fd, copy_fd, tmp_fd, new_file_flag = 0;
int len, write_offset, bytes_left;
int sizeof_rep_hdr = strlen(HDR);
+ int pid_maxlen = snprintf(NULL, 0, "%d", PID_MAX) + 1;
char *repbuf, *c_repbuf, *t_repbuf;
char *copy_rep, *tmp_rep, *upd_str;
off_t filesize, size;
struct stat stbuf;
*** 301,311 ****
strcat(upd_str, "\n"); /* Append a new line char */
len = strlen(upd_str);
if (filesize > 0) {
if ((copy_rep = (char *)calloc(1, strlen(FAB_REPOSITORY) +
! sizeof (COPY_EXT) + sizeof (pid_t))) == NULL) {
cfga_err(errstring, errno, ERR_UPD_REP, 0);
CLEANUP_N_RET(FPCFGA_LIB_ERR);
}
(void) sprintf(copy_rep, "%s%s%ld", FAB_REPOSITORY, COPY_EXT,
--- 304,314 ----
strcat(upd_str, "\n"); /* Append a new line char */
len = strlen(upd_str);
if (filesize > 0) {
if ((copy_rep = (char *)calloc(1, strlen(FAB_REPOSITORY) +
! sizeof (COPY_EXT) + pid_maxlen)) == NULL) {
cfga_err(errstring, errno, ERR_UPD_REP, 0);
CLEANUP_N_RET(FPCFGA_LIB_ERR);
}
(void) sprintf(copy_rep, "%s%s%ld", FAB_REPOSITORY, COPY_EXT,
*** 428,438 ****
CLEANUP_N_RET(FPCFGA_OK); /* SUCCESS */
}
/* construct temp file name using pid. */
if ((tmp_rep = (char *)calloc(1, strlen(FAB_REPOSITORY) +
! sizeof (TMP_EXT) + sizeof (pid_t))) == NULL) {
cfga_err(errstring, errno, ERR_UPD_REP, 0);
CLEANUP_N_RET(FPCFGA_LIB_ERR);
}
(void) sprintf(tmp_rep, "%s%s%ld", FAB_REPOSITORY,
--- 431,441 ----
CLEANUP_N_RET(FPCFGA_OK); /* SUCCESS */
}
/* construct temp file name using pid. */
if ((tmp_rep = (char *)calloc(1, strlen(FAB_REPOSITORY) +
! sizeof (TMP_EXT) + pid_maxlen)) == NULL) {
cfga_err(errstring, errno, ERR_UPD_REP, 0);
CLEANUP_N_RET(FPCFGA_LIB_ERR);
}
(void) sprintf(tmp_rep, "%s%s%ld", FAB_REPOSITORY,
*** 523,533 ****
CLEANUP_N_RET(FPCFGA_OK); /* SUCCESS */
}
/* construct temp file name using pid. */
if ((tmp_rep = (char *)calloc(1, strlen(FAB_REPOSITORY) +
! sizeof (TMP_EXT) + sizeof (pid_t))) == NULL) {
cfga_err(errstring, errno, ERR_UPD_REP, 0);
CLEANUP_N_RET(FPCFGA_LIB_ERR);
}
(void) sprintf(tmp_rep, "%s%s%ld", FAB_REPOSITORY,
--- 526,536 ----
CLEANUP_N_RET(FPCFGA_OK); /* SUCCESS */
}
/* construct temp file name using pid. */
if ((tmp_rep = (char *)calloc(1, strlen(FAB_REPOSITORY) +
! sizeof (TMP_EXT) + pid_maxlen)) == NULL) {
cfga_err(errstring, errno, ERR_UPD_REP, 0);
CLEANUP_N_RET(FPCFGA_LIB_ERR);
}
(void) sprintf(tmp_rep, "%s%s%ld", FAB_REPOSITORY,