[CRIU] [PATCH] Escape using unsafe sprintf helper

Wed Jun 20 04:16:17 EDT 2012

Util it's very critical for speed we should
not use unsafe sprintf helper, we're root-granted
program and must be as safe as possible.

Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
---
 cr-restore.c |    2 +-
 files.c      |    2 +-
 netfilter.c  |    2 +-
 shmem.c      |    2 +-
 util.c       |    2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/cr-restore.c b/cr-restore.c
index d5c15d9..8f104f9 100644
--- a/cr-restore.c
+++ b/cr-restore.c
@@ -711,7 +711,7 @@ static int restore_root_task(struct pstree_item *init, struct cr_options *opts)
 	 */
 
 	if (init->pid.pid == 1) {
-		sprintf(proc_mountpoint, "/tmp/crtools-proc.XXXXXX");
+		snprintf(proc_mountpoint, sizeof(proc_mountpoint), "/tmp/crtools-proc.XXXXXX");
 		if (mkdtemp(proc_mountpoint) == NULL) {
 			pr_err("mkdtemp failed %m");
 			return -1;
diff --git a/files.c b/files.c
index c81e72c..82b9fad 100644
--- a/files.c
+++ b/files.c
@@ -217,7 +217,7 @@ static int open_remap_ghost(struct reg_file_info *rfi,
 	if (read_img(ifd, &gfe) < 0)
 		return -1;
 
-	sprintf(gf->path, "%s.cr.%x.ghost", rfi->path, rfe->remap_id);
+	snprintf(gf->path, PATH_MAX, "%s.cr.%x.ghost", rfi->path, rfe->remap_id);
 	gfd = open(gf->path, O_WRONLY | O_CREAT | O_EXCL, gfe.mode);
 	if (gfd < 0) {
 		pr_perror("Can't open ghost file");
diff --git a/netfilter.c b/netfilter.c
index eebde5d..a67591f 100644
--- a/netfilter.c
+++ b/netfilter.c
@@ -34,7 +34,7 @@ static int nf_connection_switch_raw(u32 *src_addr, u16 src_port, u32 *dst_addr,
 		return -1;
 	}
 
-	sprintf(buf, nf_conn_cmd, lock ? "-A" : "-D",
+	snprintf(buf, sizeof(buf), nf_conn_cmd, lock ? "-A" : "-D",
 			dip, (int)dst_port, sip, (int)src_port);
 
 	pr_debug("\tRunning iptables [%s]\n", buf);
diff --git a/shmem.c b/shmem.c
index 4d6a185..38f04b5 100644
--- a/shmem.c
+++ b/shmem.c
@@ -114,7 +114,7 @@ static int shmem_wait_and_open(int pid, struct shmem_info *si)
 	char path[128];
 	int ret;
 
-	sprintf(path, "/proc/%d/map_files/%lx-%lx",
+	snprintf(path, sizeof(path), "/proc/%d/map_files/%lx-%lx",
 		si->pid, si->start, si->end);
 
 	pr_info("Waiting for [%s] to appear\n", path);
diff --git a/util.c b/util.c
index 82980c7..4a62016 100644
--- a/util.c
+++ b/util.c
@@ -268,7 +268,7 @@ inline int open_pid_proc(pid_t pid)
 			return fd;
 	}
 
-	sprintf(path, "%d", pid);
+	snprintf(path, sizeof(path), "%d", pid);
 	fd = openat(proc_dir_fd, path, O_RDONLY);
 	if (fd < 0)
 		pr_perror("Can't open %s", path);
-- 
1.7.7.6

