dm: remove unsafe apis in dm log

tianhuas · acrnsi · commit e749ced4a0b3 · 2019-07-12T09:41:15.000+08:00
sprintf/vsnprintf are not safe, so use snprintf instead of sprintf, use vasprintf instead of vsnprintf. Tracked-On: #3394 Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com> Reviewed-by: Yonghua Huang <yonghua.huang@intel.com> Reviewed-by: Minggui Cao <minggui.cao@intel.com>
diff --git a/devicemodel/log/disk_logger.c b/devicemodel/log/disk_logger.c
@@ -139,7 +139,8 @@ static void write_to_disk(const char *fmt, va_list args)
 {
 	char buffer[DISK_LOG_MAX_LEN];
 	char *file_name = buffer;
-	int len1, len2;
+	char *buf;
+	int len;
 	int write_cnt;
 	struct timespec times = {0, 0};
 
@@ -155,11 +156,23 @@ static void write_to_disk(const char *fmt, va_list args)
 		}
 	}
 
+	len = vasprintf(&buf, fmt, args);
+	if (len < 0)
+		return;
+
 	clock_gettime(CLOCK_MONOTONIC, &times);
-	len1 = sprintf(buffer, "[%5lu.%06lu] ", times.tv_sec, times.tv_nsec / 1000);
-	len2 = vsnprintf(buffer + len1, MAX_ONE_LOG_SIZE, fmt, args);
+	len = snprintf(buffer, DISK_LOG_MAX_LEN, "[%5lu.%06lu] ", times.tv_sec, times.tv_nsec / 1000);
+	if (len < 0 || len >= DISK_LOG_MAX_LEN) {
+		free(buf);
+		return;
+	}
+	len = strnlen(buffer, DISK_LOG_MAX_LEN);
+
+	strncpy(buffer + len, buf, DISK_LOG_MAX_LEN - len);
+	buffer[DISK_LOG_MAX_LEN - 1] = '\0';
+	free(buf);
 
-	write_cnt = write(disk_fd, buffer, len1 + len2);
+	write_cnt = write(disk_fd, buffer, strnlen(buffer, DISK_LOG_MAX_LEN));
 	if (write_cnt < 0) {
 		perror(DISK_PREFIX"write disk failed");
 		close(disk_fd);
diff --git a/devicemodel/log/kmsg_logger.c b/devicemodel/log/kmsg_logger.c
@@ -69,17 +69,21 @@ static void deinit_kmsg(void)
 
 static void write_to_kmsg(const char *fmt, va_list args)
 {
+	char *buf;
 	char kmsg_buf[KMSG_MAX_LEN] = KMSG_PREFIX;
-	int len1, len2;
-	int write_cnt;
+	int len, write_cnt;
 
 	if (kmsg_fd < 0)
 		return;
 
-	len1 = strlen(KMSG_PREFIX);
-	len2 = vsnprintf(kmsg_buf + len1, MAX_ONE_LOG_SIZE, fmt, args);
+	len = vasprintf(&buf, fmt, args);
+	if (len < 0)
+		return;
+	strncpy(kmsg_buf + strlen(KMSG_PREFIX), buf, KMSG_MAX_LEN - strlen(KMSG_PREFIX));
+	kmsg_buf[KMSG_MAX_LEN - 1] = '\0';
+	free(buf);
 
-	write_cnt = write(kmsg_fd, kmsg_buf, len1 + len2);
+	write_cnt = write(kmsg_fd, kmsg_buf, strnlen(kmsg_buf, KMSG_MAX_LEN));
 	if (write_cnt < 0) {
 		perror(KMSG_PREFIX"write kmsg failed");
 		close(kmsg_fd);
