NEX-9323  cfgadm FC plugin allocates insufficient memory for internal
buffers
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>

@@ -18,16 +18,18 @@
  *
  * CDDL HEADER END
  */
 /*
  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2017 Nexenta Systems, Inc. All rights reserved.
  * Use is subject to license terms.
  */
 
 
 
 #include <libgen.h>
+#include <limits.h>
 #include "cfga_fp.h"
 
 /* The following are used by update_fabric_wwn_list() */
 #define COPY_EXT        ".cpy."         /* Extn used in naming backup file */
 #define TMP_EXT         ".tmp."         /* Extn used in naming temp file */

@@ -220,10 +222,11 @@
 update_fabric_wwn_list(int cmd, const char *update_str, char **errstring)
 {
         int     fd, copy_fd, tmp_fd, new_file_flag = 0;
         int     len, write_offset, bytes_left;
         int     sizeof_rep_hdr = strlen(HDR);
+        int     pid_maxlen = snprintf(NULL, 0, "%d", PID_MAX) + 1;
         char    *repbuf, *c_repbuf, *t_repbuf;
         char    *copy_rep, *tmp_rep, *upd_str;
         off_t   filesize, size;
         struct stat     stbuf;
 
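Review bot: `pid_maxlen` is sized from the compile-time `PID_MAX`, so the buffers that use it are only large enough if no pid seen at runtime has more digits than that constant. The header value is not visible here, so this is inferred, but it is worth confirming if the platform's pid ceiling can be raised by a tunable. The declaration would benefit from a comment such as `/* decimal digits in PID_MAX plus NUL; sizeof (COPY_EXT) and sizeof (TMP_EXT) also count a NUL, leaving one spare byte */`. The `snprintf` return is used unchecked, and it measures with `%d` while the later writers format with `%ld`; the digit count is the same for a positive value, but the difference deserves a word in that comment. The body of update_fabric_wwn_list continues outside the hunk.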

@@ -301,11 +304,11 @@
         strcat(upd_str, "\n");          /* Append a new line char */
         len = strlen(upd_str);
 
         if (filesize > 0) {
                 if ((copy_rep = (char *)calloc(1, strlen(FAB_REPOSITORY) +
-                                sizeof (COPY_EXT) + sizeof (pid_t))) == NULL) {
+                                sizeof (COPY_EXT) + pid_maxlen)) == NULL) {
                         cfga_err(errstring, errno, ERR_UPD_REP, 0);
                         CLEANUP_N_RET(FPCFGA_LIB_ERR);
                 }
 
                 (void) sprintf(copy_rep, "%s%s%ld", FAB_REPOSITORY, COPY_EXT,
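Review bot: The `sprintf` into `copy_rep` on the last line of this hunk is still unbounded, so the write is safe only while the size expression in the `calloc` above keeps matching the format string. Keep the size in a local and bound the write: `size_t copy_len = strlen(FAB_REPOSITORY) + sizeof (COPY_EXT) + pid_maxlen;`, then `calloc(1, copy_len)` and `(void) snprintf(copy_rep, copy_len, ...)` with the existing arguments. The same pattern recurs for `tmp_rep` in the two following hunks (`@@ -428,11 +431,11 @@` and `@@ -523,11 +526,11 @@`). The `sprintf` call is cut by the hunk edge, so its `%ld` argument is not visible; if it is an uncast `getpid()`, confirm that `pid_t` is `long` in every build model or add a `(long)` cast.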

@@ -428,11 +431,11 @@
                         CLEANUP_N_RET(FPCFGA_OK); /* SUCCESS */
                 }
 
                 /* construct temp file name using pid. */
                 if ((tmp_rep = (char *)calloc(1, strlen(FAB_REPOSITORY) +
-                                sizeof (TMP_EXT) + sizeof (pid_t))) == NULL) {
+                                sizeof (TMP_EXT) + pid_maxlen)) == NULL) {
                         cfga_err(errstring, errno, ERR_UPD_REP, 0);
                         CLEANUP_N_RET(FPCFGA_LIB_ERR);
                 }
 
                 (void) sprintf(tmp_rep, "%s%s%ld", FAB_REPOSITORY,
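Review bot: The temp-file name built here is the fixed repository path plus `TMP_EXT` plus a pid, so it is predictable, and the code that opens `tmp_rep` lies outside this hunk. Confirm that the open uses `O_CREAT | O_EXCL` (ideally with `O_NOFOLLOW`) and that the repository directory is writable only by the privileged user, so a pre-created file or link at that name cannot redirect the write. The same applies to the `copy_rep` name in the previous hunk and to the second `tmp_rep` construction in the last hunk. A short comment next to `/* construct temp file name using pid. */` stating which of those guarantees the code relies on would make the assumption reviewable.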

@@ -523,11 +526,11 @@
                         CLEANUP_N_RET(FPCFGA_OK); /* SUCCESS */
                 }
 
                 /* construct temp file name using pid. */
                 if ((tmp_rep = (char *)calloc(1, strlen(FAB_REPOSITORY) +
-                                sizeof (TMP_EXT) + sizeof (pid_t))) == NULL) {
+                                sizeof (TMP_EXT) + pid_maxlen)) == NULL) {
                         cfga_err(errstring, errno, ERR_UPD_REP, 0);
                         CLEANUP_N_RET(FPCFGA_LIB_ERR);
                 }
 
                 (void) sprintf(tmp_rep, "%s%s%ld", FAB_REPOSITORY,