Giters

pmem / ndctl

A "device memory" enabling project encompassing tools and libraries for CXL, NVDIMMs, DAX, memory tiering and other platform memory device topics.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Using the secure function snprintf

foolstrong opened this issue · comments

commented

In the source code, a large number of functions use sprintf to process strings, which may cause overflow risks. You are advised to use snprintf to ensure that strings no out of the bounds.

commented

for example

static void *add_dax_dev(void *parent, int id, const char *daxdev_base)
{
	 const char *devname = devpath_to_devname(daxdev_base);
	 char *path = calloc(1, strlen(daxdev_base) + 100);
	 struct daxctl_region *region = parent;
	 struct daxctl_ctx *ctx = region->ctx;
	 struct daxctl_dev *dev, *dev_dup;
	 char buf[SYSFS_ATTR_SIZE];
	 struct stat st;

	if (!path)
		return NULL;
	dbg(ctx, "%s: base: \'%s\'\n", __func__, daxdev_base);

	dev = calloc(1, sizeof(*dev));
	if (!dev)
		goto err_dev;
	dev->id = id;
	dev->region = region;

	sprintf(path, "/dev/%s", devname);
	if (stat(path, &st) < 0)
		goto err_read;
	dev->major = major(st.st_rdev);
	dev->minor = minor(st.st_rdev);

	sprintf(path, "%s/resource", daxdev_base);
	if (sysfs_read_attr(ctx, path, buf) == 0)
		dev->resource = strtoull(buf, NULL, 0);
	else
		dev->resource = iomem_get_dev_resource(ctx, daxdev_base);

	sprintf(path, "%s/size", daxdev_base);
	if (sysfs_read_attr(ctx, path, buf) < 0)
		goto err_read;
	dev->size = strtoull(buf, NULL, 0);

	/* Device align attribute is only available in v5.10 or up */
	sprintf(path, "%s/align", daxdev_base);
	if (!sysfs_read_attr(ctx, path, buf))
		dev->align = strtoull(buf, NULL, 0);
	else
		dev->align = 0;

	dev->dev_path = strdup(daxdev_base);
	if (!dev->dev_path)
		goto err_read;

	dev->dev_buf = calloc(1, strlen(daxdev_base) + 50);
	if (!dev->dev_buf)
		goto err_read;
	dev->buf_len = strlen(daxdev_base) + 50;

	sprintf(path, "%s/target_node", daxdev_base);
	if (sysfs_read_attr(ctx, path, buf) == 0)
		dev->target_node = strtol(buf, NULL, 0);
	else
		dev->target_node = -1;

	daxctl_dev_foreach(region, dev_dup)
		if (dev_dup->id == dev->id) {
			free_dev(dev, NULL);
			free(path);
			return dev_dup;
		}
	dev->num_mappings = -1;
	list_head_init(&dev->mappings);
	list_add(&region->devices, &dev->list);
	free(path);
	return dev;
 err_read:
	free(dev->dev_buf);
	free(dev->dev_path);
	free(dev);
 err_dev:
	free(path);
	return NULL;
}