From 4cf3e48a3ba6f142bef2f27662ad51e09e89f97d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= Date: Sat, 15 May 2021 12:23:45 +0200 Subject: [PATCH] libzfs: format safety MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Brian Behlendorf Reviewed-by: Ryan Moeller Signed-off-by: Ahelenia ZiemiaƄska Closes #12116 --- lib/libzfs/libzfs_dataset.c | 26 +++++++++++--------------- lib/libzfs/libzfs_diff.c | 10 +++++----- lib/libzfs/libzfs_mount.c | 8 +++----- lib/libzfs/libzfs_pool.c | 36 ++++++++++++++++-------------------- lib/libzfs/libzfs_sendrecv.c | 33 +++++++++++++++------------------ lib/libzfs/libzfs_util.c | 4 ++-- 6 files changed, 52 insertions(+), 65 deletions(-) diff --git a/lib/libzfs/libzfs_dataset.c b/lib/libzfs/libzfs_dataset.c index e73418947..2accfff28 100644 --- a/lib/libzfs/libzfs_dataset.c +++ b/lib/libzfs/libzfs_dataset.c @@ -1261,9 +1261,9 @@ zfs_valid_proplist(libzfs_handle_t *hdl, zfs_type_t type, nvlist_t *nvl, intval > maxbs || !ISP2(intval))) { zfs_nicebytes(maxbs, buf, sizeof (buf)); zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, - "invalid '%s=%d' property: must be zero or " - "a power of 2 from 512B to %s"), propname, - intval, buf); + "invalid '%s=%llu' property: must be zero " + "or a power of 2 from 512B to %s"), + propname, (unsigned long long)intval, buf); (void) zfs_error(hdl, EZFS_BADPROP, errbuf); goto error; } @@ -4835,8 +4835,6 @@ zfs_userspace(zfs_handle_t *zhp, zfs_userquota_prop_t type, zc.zc_nvlist_dst_size = sizeof (buf); if (zfs_ioctl(hdl, ZFS_IOC_USERSPACE_MANY, &zc) != 0) { - char errbuf[1024]; - if ((errno == ENOTSUP && (type == ZFS_PROP_USEROBJUSED || type == ZFS_PROP_GROUPOBJUSED || @@ -4848,10 +4846,9 @@ zfs_userspace(zfs_handle_t *zhp, zfs_userquota_prop_t type, type == ZFS_PROP_PROJECTQUOTA))) break; - (void) snprintf(errbuf, sizeof (errbuf), + return (zfs_standard_error_fmt(hdl, errno, dgettext(TEXT_DOMAIN, - "cannot get used/quota for %s"), zc.zc_name); - return (zfs_standard_error_fmt(hdl, errno, errbuf)); + "cannot get used/quota for %s"), zc.zc_name)); } if (zc.zc_nvlist_dst_size == 0) break; @@ -5080,7 +5077,7 @@ zfs_release(zfs_handle_t *zhp, const char *snapname, const char *tag, (void) zfs_error(hdl, EZFS_BADVERSION, errbuf); break; default: - (void) zfs_standard_error_fmt(hdl, errno, errbuf); + (void) zfs_standard_error(hdl, errno, errbuf); } } @@ -5099,7 +5096,7 @@ zfs_release(zfs_handle_t *zhp, const char *snapname, const char *tag, (void) zfs_error(hdl, EZFS_BADTYPE, errbuf); break; default: - (void) zfs_standard_error_fmt(hdl, + (void) zfs_standard_error(hdl, fnvpair_value_int32(elem), errbuf); } } @@ -5156,17 +5153,16 @@ tryagain: err = zfs_error(hdl, EZFS_NOENT, errbuf); break; default: - err = zfs_standard_error_fmt(hdl, errno, errbuf); + err = zfs_standard_error(hdl, errno, errbuf); break; } } else { /* success */ int rc = nvlist_unpack(nvbuf, zc.zc_nvlist_dst_size, nvl, 0); if (rc) { - (void) snprintf(errbuf, sizeof (errbuf), dgettext( + err = zfs_standard_error_fmt(hdl, rc, dgettext( TEXT_DOMAIN, "cannot get permissions on '%s'"), zc.zc_name); - err = zfs_standard_error_fmt(hdl, rc, errbuf); } } @@ -5219,7 +5215,7 @@ zfs_set_fsacl(zfs_handle_t *zhp, boolean_t un, nvlist_t *nvl) err = zfs_error(hdl, EZFS_NOENT, errbuf); break; default: - err = zfs_standard_error_fmt(hdl, errno, errbuf); + err = zfs_standard_error(hdl, errno, errbuf); break; } } @@ -5256,7 +5252,7 @@ zfs_get_holds(zfs_handle_t *zhp, nvlist_t **nvl) err = zfs_error(hdl, EZFS_NOENT, errbuf); break; default: - err = zfs_standard_error_fmt(hdl, errno, errbuf); + err = zfs_standard_error(hdl, errno, errbuf); break; } } diff --git a/lib/libzfs/libzfs_diff.c b/lib/libzfs/libzfs_diff.c index 79268cb4b..d46e23a2f 100644 --- a/lib/libzfs/libzfs_diff.c +++ b/lib/libzfs/libzfs_diff.c @@ -744,7 +744,7 @@ zfs_show_diffs(zfs_handle_t *zhp, int outfd, const char *fromsnap, } if (pipe2(pipefd, O_CLOEXEC)) { - zfs_error_aux(zhp->zfs_hdl, strerror(errno)); + zfs_error_aux(zhp->zfs_hdl, "%s", strerror(errno)); teardown_differ_info(&di); return (zfs_error(zhp->zfs_hdl, EZFS_PIPEFAILED, errbuf)); } @@ -757,7 +757,7 @@ zfs_show_diffs(zfs_handle_t *zhp, int outfd, const char *fromsnap, di.datafd = pipefd[0]; if (pthread_create(&tid, NULL, differ, &di)) { - zfs_error_aux(zhp->zfs_hdl, strerror(errno)); + zfs_error_aux(zhp->zfs_hdl, "%s", strerror(errno)); (void) close(pipefd[0]); (void) close(pipefd[1]); teardown_differ_info(&di); @@ -783,14 +783,14 @@ zfs_show_diffs(zfs_handle_t *zhp, int outfd, const char *fromsnap, zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN, "\n Not an earlier snapshot from the same fs")); } else if (errno != EPIPE || di.zerr == 0) { - zfs_error_aux(zhp->zfs_hdl, strerror(errno)); + zfs_error_aux(zhp->zfs_hdl, "%s", strerror(errno)); } (void) close(pipefd[1]); (void) pthread_cancel(tid); (void) pthread_join(tid, NULL); teardown_differ_info(&di); if (di.zerr != 0 && di.zerr != EPIPE) { - zfs_error_aux(zhp->zfs_hdl, strerror(di.zerr)); + zfs_error_aux(zhp->zfs_hdl, "%s", strerror(di.zerr)); return (zfs_error(zhp->zfs_hdl, EZFS_DIFF, di.errbuf)); } else { return (zfs_error(zhp->zfs_hdl, EZFS_DIFFDATA, errbuf)); @@ -801,7 +801,7 @@ zfs_show_diffs(zfs_handle_t *zhp, int outfd, const char *fromsnap, (void) pthread_join(tid, NULL); if (di.zerr != 0) { - zfs_error_aux(zhp->zfs_hdl, strerror(di.zerr)); + zfs_error_aux(zhp->zfs_hdl, "%s", strerror(di.zerr)); return (zfs_error(zhp->zfs_hdl, EZFS_DIFF, di.errbuf)); } teardown_differ_info(&di); diff --git a/lib/libzfs/libzfs_mount.c b/lib/libzfs/libzfs_mount.c index d3f7e6106..d7c728f3f 100644 --- a/lib/libzfs/libzfs_mount.c +++ b/lib/libzfs/libzfs_mount.c @@ -538,19 +538,17 @@ zfs_mount_at(zfs_handle_t *zhp, const char *options, int flags, zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Insufficient privileges")); } else if (rc == ENOTSUP) { - char buf[256]; int spa_version; VERIFY(zfs_spa_version(zhp, &spa_version) == 0); - (void) snprintf(buf, sizeof (buf), - dgettext(TEXT_DOMAIN, "Can't mount a version %lld " + zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, + "Can't mount a version %llu " "file system on a version %d pool. Pool must be" " upgraded to mount this file system."), (u_longlong_t)zfs_prop_get_int(zhp, ZFS_PROP_VERSION), spa_version); - zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, buf)); } else { - zfs_error_aux(hdl, strerror(rc)); + zfs_error_aux(hdl, "%s", strerror(rc)); } return (zfs_error_fmt(hdl, EZFS_MOUNTFAILED, dgettext(TEXT_DOMAIN, "cannot mount '%s'"), diff --git a/lib/libzfs/libzfs_pool.c b/lib/libzfs/libzfs_pool.c index 310352ce1..adc36c47f 100644 --- a/lib/libzfs/libzfs_pool.c +++ b/lib/libzfs/libzfs_pool.c @@ -563,8 +563,8 @@ zpool_valid_proplist(libzfs_handle_t *hdl, const char *poolname, if (intval < version || !SPA_VERSION_IS_SUPPORTED(intval)) { zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, - "property '%s' number %d is invalid."), - propname, intval); + "property '%s' number %llu is invalid."), + propname, (unsigned long long)intval); (void) zfs_error(hdl, EZFS_BADVERSION, errbuf); goto error; } @@ -574,10 +574,11 @@ zpool_valid_proplist(libzfs_handle_t *hdl, const char *poolname, if (intval != 0 && (intval < ASHIFT_MIN || intval > ASHIFT_MAX)) { zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, - "property '%s' number %d is invalid, only " - "values between %" PRId32 " and " - "%" PRId32 " are allowed."), - propname, intval, ASHIFT_MIN, ASHIFT_MAX); + "property '%s' number %llu is invalid, " + "only values between %" PRId32 " and %" + PRId32 " are allowed."), + propname, (unsigned long long)intval, + ASHIFT_MIN, ASHIFT_MAX); (void) zfs_error(hdl, EZFS_BADPROP, errbuf); goto error; } @@ -685,7 +686,7 @@ zpool_valid_proplist(libzfs_handle_t *hdl, const char *poolname, case ZPOOL_COMPATIBILITY_BADFILE: case ZPOOL_COMPATIBILITY_BADTOKEN: case ZPOOL_COMPATIBILITY_NOFILES: - zfs_error_aux(hdl, report); + zfs_error_aux(hdl, "%s", report); (void) zfs_error(hdl, EZFS_BADPROP, errbuf); goto error; } @@ -1648,10 +1649,6 @@ zpool_export_common(zpool_handle_t *zhp, boolean_t force, boolean_t hardforce, const char *log_str) { zfs_cmd_t zc = {"\0"}; - char msg[1024]; - - (void) snprintf(msg, sizeof (msg), dgettext(TEXT_DOMAIN, - "cannot export '%s'"), zhp->zpool_name); (void) strlcpy(zc.zc_name, zhp->zpool_name, sizeof (zc.zc_name)); zc.zc_cookie = force; @@ -1666,11 +1663,13 @@ zpool_export_common(zpool_handle_t *zhp, boolean_t force, boolean_t hardforce, "'%s' has an active shared spare which could be" " used by other pools once '%s' is exported."), zhp->zpool_name, zhp->zpool_name); - return (zfs_error(zhp->zpool_hdl, EZFS_ACTIVE_SPARE, - msg)); + return (zfs_error_fmt(zhp->zpool_hdl, EZFS_ACTIVE_SPARE, + dgettext(TEXT_DOMAIN, "cannot export '%s'"), + zhp->zpool_name)); default: return (zpool_standard_error_fmt(zhp->zpool_hdl, errno, - msg)); + dgettext(TEXT_DOMAIN, "cannot export '%s'"), + zhp->zpool_name)); } } @@ -2080,7 +2079,7 @@ zpool_import_props(libzfs_handle_t *hdl, nvlist_t *config, const char *newname, "the zgenhostid(8) command.\n")); } - (void) zfs_error_aux(hdl, aux); + (void) zfs_error_aux(hdl, "%s", aux); } (void) zfs_error(hdl, EZFS_ACTIVE_POOL, desc); break; @@ -4520,13 +4519,10 @@ int zpool_events_clear(libzfs_handle_t *hdl, int *count) { zfs_cmd_t zc = {"\0"}; - char msg[1024]; - - (void) snprintf(msg, sizeof (msg), dgettext(TEXT_DOMAIN, - "cannot clear events")); if (zfs_ioctl(hdl, ZFS_IOC_EVENTS_CLEAR, &zc) != 0) - return (zpool_standard_error_fmt(hdl, errno, msg)); + return (zpool_standard_error(hdl, errno, + dgettext(TEXT_DOMAIN, "cannot clear events"))); if (count != NULL) *count = (int)zc.zc_cookie; /* # of events cleared */ diff --git a/lib/libzfs/libzfs_sendrecv.c b/lib/libzfs/libzfs_sendrecv.c index 511895d18..8b732bb22 100644 --- a/lib/libzfs/libzfs_sendrecv.c +++ b/lib/libzfs/libzfs_sendrecv.c @@ -768,7 +768,7 @@ zfs_send_space(zfs_handle_t *zhp, const char *snapname, const char *from, case EFAULT: case EROFS: case EINVAL: - zfs_error_aux(hdl, strerror(error)); + zfs_error_aux(hdl, "%s", strerror(error)); return (zfs_error(hdl, EZFS_BADBACKUP, errbuf)); default: @@ -849,7 +849,7 @@ dump_ioctl(zfs_handle_t *zhp, const char *fromsnap, uint64_t fromsnap_obj, case ERANGE: case EFAULT: case EROFS: - zfs_error_aux(hdl, strerror(errno)); + zfs_error_aux(hdl, "%s", strerror(errno)); return (zfs_error(hdl, EZFS_BADBACKUP, errbuf)); default: @@ -1479,7 +1479,7 @@ estimate_size(zfs_handle_t *zhp, const char *from, int fd, sendflags_t *flags, err = pthread_create(&ptid, NULL, send_progress_thread, &pa); if (err != 0) { - zfs_error_aux(zhp->zfs_hdl, strerror(errno)); + zfs_error_aux(zhp->zfs_hdl, "%s", strerror(errno)); return (zfs_error(zhp->zfs_hdl, EZFS_THREADCREATEFAILED, errbuf)); } @@ -1505,7 +1505,7 @@ estimate_size(zfs_handle_t *zhp, const char *from, int fd, sendflags_t *flags, } if (err != 0) { - zfs_error_aux(zhp->zfs_hdl, strerror(err)); + zfs_error_aux(zhp->zfs_hdl, "%s", strerror(err)); return (zfs_error(zhp->zfs_hdl, EZFS_BADBACKUP, errbuf)); } @@ -1822,7 +1822,7 @@ zfs_send_resume_impl(libzfs_handle_t *hdl, sendflags_t *flags, int outfd, case ERANGE: case EFAULT: case EROFS: - zfs_error_aux(hdl, strerror(errno)); + zfs_error_aux(hdl, "%s", strerror(errno)); return (zfs_error(hdl, EZFS_BADBACKUP, errbuf)); default: @@ -2082,13 +2082,13 @@ send_prelim_records(zfs_handle_t *zhp, const char *from, int fd, err = dump_record(&drr, packbuf, buflen, &zc, fd); free(packbuf); if (err != 0) { - zfs_error_aux(zhp->zfs_hdl, strerror(err)); + zfs_error_aux(zhp->zfs_hdl, "%s", strerror(err)); return (zfs_error(zhp->zfs_hdl, EZFS_BADBACKUP, errbuf)); } err = send_conclusion_record(fd, &zc); if (err != 0) { - zfs_error_aux(zhp->zfs_hdl, strerror(err)); + zfs_error_aux(zhp->zfs_hdl, "%s", strerror(err)); return (zfs_error(zhp->zfs_hdl, EZFS_BADBACKUP, errbuf)); } @@ -2507,7 +2507,7 @@ zfs_send_one(zfs_handle_t *zhp, const char *from, int fd, sendflags_t *flags, err = pthread_create(&ptid, NULL, send_progress_thread, &pa); if (err != 0) { - zfs_error_aux(zhp->zfs_hdl, strerror(errno)); + zfs_error_aux(zhp->zfs_hdl, "%s", strerror(errno)); return (zfs_error(zhp->zfs_hdl, EZFS_THREADCREATEFAILED, errbuf)); } @@ -2522,13 +2522,10 @@ zfs_send_one(zfs_handle_t *zhp, const char *from, int fd, sendflags_t *flags, (void) pthread_cancel(ptid); (void) pthread_join(ptid, &status); int error = (int)(uintptr_t)status; - if (error != 0 && status != PTHREAD_CANCELED) { - char errbuf[1024]; - (void) snprintf(errbuf, sizeof (errbuf), - dgettext(TEXT_DOMAIN, "progress thread exited " - "nonzero")); - return (zfs_standard_error(hdl, error, errbuf)); - } + if (error != 0 && status != PTHREAD_CANCELED) + return (zfs_standard_error_fmt(hdl, error, + dgettext(TEXT_DOMAIN, + "progress thread exited nonzero"))); } if (flags->props || flags->holds || flags->backup) { @@ -2576,7 +2573,7 @@ zfs_send_one(zfs_handle_t *zhp, const char *from, int fd, sendflags_t *flags, case EPIPE: case ERANGE: case EROFS: - zfs_error_aux(hdl, strerror(errno)); + zfs_error_aux(hdl, "%s", strerror(errno)); return (zfs_error(hdl, EZFS_BADBACKUP, errbuf)); default: @@ -5078,8 +5075,8 @@ zfs_receive_impl(libzfs_handle_t *hdl, const char *tosnap, if (!DMU_STREAM_SUPPORTED(featureflags) || (hdrtype != DMU_SUBSTREAM && hdrtype != DMU_COMPOUNDSTREAM)) { zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, - "stream has unsupported feature, feature flags = %lx"), - featureflags); + "stream has unsupported feature, feature flags = %llx"), + (unsigned long long)featureflags); return (zfs_error(hdl, EZFS_BADSTREAM, errbuf)); } diff --git a/lib/libzfs/libzfs_util.c b/lib/libzfs/libzfs_util.c index 7a6e92692..4170cf019 100644 --- a/lib/libzfs/libzfs_util.c +++ b/lib/libzfs/libzfs_util.c @@ -483,7 +483,7 @@ zfs_standard_error_fmt(libzfs_handle_t *hdl, int error, const char *fmt, ...) zfs_verror(hdl, EZFS_BADPROP, fmt, ap); break; default: - zfs_error_aux(hdl, strerror(error)); + zfs_error_aux(hdl, "%s", strerror(error)); zfs_verror(hdl, EZFS_UNKNOWN, fmt, ap); break; } @@ -734,7 +734,7 @@ zpool_standard_error_fmt(libzfs_handle_t *hdl, int error, const char *fmt, ...) zfs_verror(hdl, EZFS_IOC_NOTSUPPORTED, fmt, ap); break; default: - zfs_error_aux(hdl, strerror(error)); + zfs_error_aux(hdl, "%s", strerror(error)); zfs_verror(hdl, EZFS_UNKNOWN, fmt, ap); }