Skip to content

Commit af760f8

Browse files
tianhuaslijinxia
tianhuas
authored and
lijinxia
committed
tools: acrn-manager: refine the usage of api 'snprintf'
Return value check for snprintf function Tracked-On: #1254 Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com> Acked-by: Yan, Like <like.yan@intel.com> Reviewed-by: Yonghua Huang <yonghua.huang@intel.com> Reviewed-by: Kaige Fu <kaige.fu@intel.com>
1 parent 5493804 commit af760f8

File tree

4 files changed

+113
-41
lines changed

4 files changed

+113
-41
lines changed

tools/acrn-manager/acrn_mngr.c

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -300,7 +300,10 @@ static int create_new_server(const char *name)
300300
int ret;
301301
char path[128] = { };
302302

303-
snprintf(path, sizeof(path), MNGR_SOCK_FMT, name, getpid());
303+
if (snprintf(path, sizeof(path), MNGR_SOCK_FMT, name, getpid()) >= sizeof(path)) {
304+
printf("WARN: the path is truncated\n");
305+
return -1;
306+
}
304307

305308
mfd = calloc(1, sizeof(*mfd));
306309
if (!mfd) {
@@ -449,7 +452,7 @@ static int connect_to_server(const char *name)
449452
mfd->addr.sun_family = AF_UNIX;
450453
ret = snprintf(mfd->addr.sun_path, sizeof(mfd->addr.sun_path),
451454
"/run/acrn/mngr/%s", s_name);
452-
if ((ret >= 0) && (ret < strlen(s_name)))
455+
if (ret >= sizeof(mfd->addr.sun_path))
453456
printf("WARN: %s is truncated\n", s_name);
454457

455458
ret =

tools/acrn-manager/acrn_vm_ops.c

Lines changed: 9 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -258,7 +258,10 @@ int shell_cmd(const char *cmd, char *outbuf, int len)
258258

259259
memset(cmd_buf, 0, sizeof(cmd_buf));
260260
memset(outbuf, 0, len);
261-
snprintf(cmd_buf, sizeof(cmd_buf), "%s 2>&1", cmd);
261+
if (snprintf(cmd_buf, sizeof(cmd_buf), "%s 2>&1", cmd) >= sizeof(cmd_buf)) {
262+
printf("ERROR: shell command is truncated\n");
263+
return -1;
264+
}
262265
ptr = popen(cmd_buf, "re");
263266
if (!ptr)
264267
return -1;
@@ -317,8 +320,11 @@ int start_vm(const char *vmname)
317320
{
318321
char cmd[128];
319322

320-
snprintf(cmd, sizeof(cmd), "bash %s/add/%s.sh $(cat %s/add/%s.args)",
321-
ACRNCTL_OPT_ROOT, vmname, ACRNCTL_OPT_ROOT, vmname);
323+
if (snprintf(cmd, sizeof(cmd), "bash %s/add/%s.sh $(cat %s/add/%s.args)",
324+
ACRNCTL_OPT_ROOT, vmname, ACRNCTL_OPT_ROOT, vmname) >= sizeof(cmd)) {
325+
printf("ERROR: command is truncated\n");
326+
return -1;
327+
}
322328

323329
return system(cmd);
324330
}

tools/acrn-manager/acrnctl.c

Lines changed: 87 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -106,8 +106,11 @@ static int write_tmp_file(int fd, int n, char *word[])
106106
if (!strcmp(word[0] + len - strlen("acrn-dm"), "acrn-dm")) {
107107
find_acrn_dm++;
108108
memset(buf, 0, sizeof(buf));
109-
snprintf(buf, sizeof(buf), "%s gentmpfile",
110-
acrnctl_bin_path);
109+
if (snprintf(buf, sizeof(buf), "%s gentmpfile",
110+
acrnctl_bin_path) >= sizeof(buf)) {
111+
printf("ERROR: acrnctl bin path is truncated\n");
112+
return -1;
113+
}
111114
ret = write(fd, buf, strlen(buf));
112115
if (ret < 0)
113116
return -1;
@@ -117,7 +120,8 @@ static int write_tmp_file(int fd, int n, char *word[])
117120

118121
while (i < n) {
119122
memset(buf, 0, sizeof(buf));
120-
snprintf(buf, sizeof(buf), " %s", word[i]);
123+
if (snprintf(buf, sizeof(buf), " %s", word[i]) >= sizeof(buf))
124+
printf("WARN: buf is truncated\n");
121125
i++;
122126
ret = write(fd, buf, strlen(buf));
123127
if (ret < 0)
@@ -191,7 +195,12 @@ static int acrnctl_do_add(int argc, char *argv[])
191195

192196
/* open tmp file for write */
193197
memset(fname, 0, sizeof(fname));
194-
snprintf(fname, sizeof(fname), "%s%s", argv[1], TMP_FILE_SUFFIX);
198+
if (snprintf(fname, sizeof(fname), "%s%s", argv[1], TMP_FILE_SUFFIX)
199+
>= sizeof(fname)) {
200+
printf("ERROR: file name is truncated\n");
201+
ret = -1;
202+
goto file_exceed;
203+
}
195204
fd_tmp = open(fname, O_RDWR | O_CREAT | O_TRUNC, 0666);
196205
if (fd_tmp < 0) {
197206
perror(fname);
@@ -229,29 +238,50 @@ static int acrnctl_do_add(int argc, char *argv[])
229238
goto no_acrn_dm;
230239
}
231240

232-
snprintf(cmd, sizeof(cmd), "mv %s %s.back", argv[1], argv[1]);
241+
if (snprintf(cmd, sizeof(cmd), "mv %s %s.back", argv[1], argv[1])
242+
>= sizeof(cmd)) {
243+
printf("ERROR: cmd is truncated\n");
244+
ret = -1;
245+
goto get_vmname;
246+
}
233247
system(cmd);
234248

235-
snprintf(cmd, sizeof(cmd), "mv %s %s", fname, argv[1]);
249+
if (snprintf(cmd, sizeof(cmd), "mv %s %s", fname, argv[1]) >= sizeof(cmd)) {
250+
printf("ERROR: cmd is truncated\n");
251+
ret = -1;
252+
goto get_vmname;
253+
}
236254
system(cmd);
237255

238256
memset(vmname, 0, sizeof(vmname));
239-
snprintf(cmd, sizeof(cmd), "bash %s%s >./%s.result", argv[1],
240-
args, argv[1]);
257+
if (snprintf(cmd, sizeof(cmd), "bash %s%s >./%s.result", argv[1],
258+
args, argv[1]) >= sizeof(cmd)) {
259+
printf("ERROR: cmd is truncated\n");
260+
ret = -1 ;
261+
goto get_vmname;
262+
}
241263
ret = shell_cmd(cmd, cmd_out, sizeof(cmd_out));
242264
if (ret < 0)
243265
goto get_vmname;
244266

245-
snprintf(cmd, sizeof(cmd), "grep -a \"acrnctl: \" ./%s.result",
246-
argv[1]);
267+
if (snprintf(cmd, sizeof(cmd), "grep -a \"acrnctl: \" ./%s.result",
268+
argv[1]) >= sizeof(cmd)) {
269+
printf("ERROR: cmd is truncated\n");
270+
ret = -1;
271+
goto get_vmname;
272+
}
247273
ret = shell_cmd(cmd, cmd_out, sizeof(cmd_out));
248274
if (ret < 0)
249275
goto get_vmname;
250276

251277
ret = sscanf(cmd_out, "acrnctl: %s", vmname);
252278
if (ret != 1) {
253279
ret = -1;
254-
snprintf(cmd, sizeof(cmd), "cat ./%s.result", argv[1]);
280+
281+
if (snprintf(cmd, sizeof(cmd), "cat ./%s.result", argv[1]) >= sizeof(cmd)) {
282+
printf("ERROR: cmd is truncated\n");
283+
goto get_vmname;
284+
}
255285
shell_cmd(cmd, cmd_out, sizeof(cmd_out));
256286

257287
/* Properly null-terminate cmd_out */
@@ -270,7 +300,12 @@ static int acrnctl_do_add(int argc, char *argv[])
270300
goto get_vmname;
271301
}
272302

273-
snprintf(cmd, sizeof(cmd), "mkdir -p %s/add", ACRNCTL_OPT_ROOT);
303+
if (snprintf(cmd, sizeof(cmd), "mkdir -p %s/add", ACRNCTL_OPT_ROOT)
304+
>= sizeof(cmd)) {
305+
printf("ERROR: cmd is truncated\n");
306+
ret = -1;
307+
goto get_vmname;
308+
}
274309
system(cmd);
275310

276311
s = vmmngr_find(vmname);
@@ -281,29 +316,47 @@ static int acrnctl_do_add(int argc, char *argv[])
281316
goto vm_exist;
282317
}
283318

284-
snprintf(cmd, sizeof(cmd), "cp %s.back %s/add/%s.sh", argv[1],
285-
ACRNCTL_OPT_ROOT, vmname);
319+
if (snprintf(cmd, sizeof(cmd), "cp %s.back %s/add/%s.sh", argv[1],
320+
ACRNCTL_OPT_ROOT, vmname) >= sizeof(cmd)) {
321+
printf("ERROR: cmd is truncated\n");
322+
ret = -1;
323+
goto vm_exist;
324+
}
286325
system(cmd);
287326

288-
snprintf(cmd, sizeof(cmd), "echo %s >%s/add/%s.args", args,
289-
ACRNCTL_OPT_ROOT, vmname);
327+
if (snprintf(cmd, sizeof(cmd), "echo %s >%s/add/%s.args", args,
328+
ACRNCTL_OPT_ROOT, vmname) >= sizeof(cmd)) {
329+
printf("ERROR: cmd is truncated\n");
330+
ret = -1;
331+
goto vm_exist;
332+
}
290333
system(cmd);
291334
printf("%s added\n", vmname);
292335

293336
vm_exist:
294337
get_vmname:
295-
snprintf(cmd, sizeof(cmd), "rm -f ./%s.result", argv[1]);
296-
system(cmd);
338+
if (snprintf(cmd, sizeof(cmd), "rm -f ./%s.result", argv[1]) >= sizeof(cmd)) {
339+
printf("WARN: cmd is truncated\n");
340+
} else
341+
system(cmd);
297342

298-
snprintf(cmd, sizeof(cmd), "mv %s %s", argv[1], fname);
299-
system(cmd);
343+
if (snprintf(cmd, sizeof(cmd), "mv %s %s", argv[1], fname) >= sizeof(cmd)) {
344+
printf("ERROR: cmd is truncated\n");
345+
ret = -1;
346+
} else
347+
system(cmd);
300348

301-
snprintf(cmd, sizeof(cmd), "mv %s.back %s", argv[1], argv[1]);
302-
system(cmd);
349+
if (snprintf(cmd, sizeof(cmd), "mv %s.back %s", argv[1], argv[1]) >= sizeof(cmd)) {
350+
printf("ERROR: cmd is truncated\n");
351+
ret = -1;
352+
} else
353+
system(cmd);
303354

304355
no_acrn_dm:
305-
snprintf(cmd, sizeof(cmd), "rm -f %s", fname);
306-
system(cmd);
356+
if (snprintf(cmd, sizeof(cmd), "rm -f %s", fname) >= sizeof(cmd)) {
357+
printf("WARN: cmd is truncated\n");
358+
} else
359+
system(cmd);
307360
write_tmpfile:
308361
close(fd_tmp);
309362
open_tmp_file:
@@ -355,11 +408,17 @@ static int acrnctl_do_del(int argc, char *argv[])
355408
state_str[s->state]);
356409
continue;
357410
}
358-
snprintf(cmd, sizeof(cmd), "rm -f %s/add/%s.sh",
359-
ACRNCTL_OPT_ROOT, argv[i]);
411+
if (snprintf(cmd, sizeof(cmd), "rm -f %s/add/%s.sh",
412+
ACRNCTL_OPT_ROOT, argv[i]) >= sizeof(cmd)) {
413+
printf("WARN: cmd is truncated\n");
414+
return -1;
415+
}
360416
system(cmd);
361-
snprintf(cmd, sizeof(cmd), "rm -f %s/add/%s.args",
362-
ACRNCTL_OPT_ROOT, argv[i]);
417+
if (snprintf(cmd, sizeof(cmd), "rm -f %s/add/%s.args",
418+
ACRNCTL_OPT_ROOT, argv[i]) >= sizeof(cmd)) {
419+
printf("WARN: cmd is truncated\n");
420+
return -1;
421+
}
363422
system(cmd);
364423
}
365424

tools/acrn-manager/acrnd.c

Lines changed: 12 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -219,14 +219,18 @@ static void acrnd_run_vm(char *name)
219219
{
220220
char log_path[128] = {};
221221

222-
snprintf(log_path, sizeof(log_path) -1, ACRND_LOG_FMT, name);
223-
unlink(log_path);
224-
stdin = freopen(log_path, "w+", stdin);
225-
stdout = freopen(log_path, "w+", stdout);
226-
stderr = freopen(log_path, "w+", stderr);
227-
fflush(stdin);
228-
fflush(stdout);
229-
fflush(stderr);
222+
if (snprintf(log_path, sizeof(log_path) -1, ACRND_LOG_FMT, name)
223+
>= sizeof(log_path) -1) {
224+
printf("WARN: log path is truncated\n");
225+
} else {
226+
unlink(log_path);
227+
stdin = freopen(log_path, "w+", stdin);
228+
stdout = freopen(log_path, "w+", stdout);
229+
stderr = freopen(log_path, "w+", stderr);
230+
fflush(stdin);
231+
fflush(stdout);
232+
fflush(stderr);
233+
}
230234

231235
start_vm(name);
232236
printf("%s exited!\n", name);

0 commit comments

Comments
 (0)