c/mirror_zfs
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_zfs.git synced 2024-11-17 18:11:00 +03:00
Code Issues Packages Projects Releases Wiki Activity
55c12724d3
mirror_zfs/tests/zfs-tests/cmd/dir_rd_update.c
Richard Yao a51288aabb
Fix unsafe string operations 
Coverity caught unsafe use of `strcpy()` in `ztest_dmu_objset_own()`,
`nfs_init_tmpfile()` and `dump_snapshot()`. It also caught an unsafe use
of `strlcat()` in `nfs_init_tmpfile()`.

Inspired by this, I did an audit of every single usage of `strcpy()` and
`strcat()` in the code. If I could not prove that the usage was safe, I
changed the code to use either `strlcpy()` or `strlcat()`, depending on
which function was originally used. In some cases, `snprintf()` was used
to replace multiple uses of `strcat` because it was cleaner.

Whenever I changed a function, I preferred to use `sizeof(dst)` when the
compiler is able to provide the string size via that. When it could not
because the string was passed by a caller, I checked the entire call
tree of the function to find out how big the buffer was and hard coded
it. Hardcoding is less than ideal, but it is safe unless someone shrinks
the buffer sizes being passed.

Additionally, Coverity reported three more string related issues:

 * It caught a case where we do an overlapping memory copy in a call to
   `snprintf()`. We fix that via `kmem_strdup()` and `kmem_strfree()`.

 * It caught `sizeof (buf)` being used instead of `buflen` in
   `zdb_nicenum()`'s call to `zfs_nicenum()`, which is passed to
   `snprintf()`. We change that to pass `buflen`.

 * It caught a theoretical unterminated string passed to `strcmp()`.
   This one is likely a false positive, but we have the information
   needed to do this more safely, so we change this to silence the false
   positive not just in coverity, but potentially other static analysis
   tools too. We switch to `strncmp()`.

 * There was a false positive in tests/zfs-tests/cmd/dir_rd_update.c. We
   suppress it by switching to `snprintf()` since other static analysis
   tools might complain about it too. Interestingly, there is a possible
   real bug there too, since it assumes that the passed directory path
   ends with '/'. We add a '/' to fix that potential bug.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #13913
2022-09-27 16:47:24 -07:00

136 lines
3.1 KiB
C
Raw Blame History

/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or https://opensource.org/licenses/CDDL-1.0.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* Assertion:
*
* A read operation and directory update operation performed
* concurrently on the same directory can lead to deadlock
* on a UFS logging file system, but not on a ZFS file system.
*/
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#define TMP_DIR /tmp
static char dirpath[256];
int
main(int argc, char **argv)
{
const char *cp1 = "";
int i = 0;
int ret = 0;
int testdd = 0;
pid_t pid;
static const int op_num = 5;
if (argc == 1) {
(void) printf("Usage: %s <mount point>\n", argv[0]);
exit(-1);
}
for (i = 0; i < 256; i++) {
dirpath[i] = 0;
}
cp1 = argv[1];
if (strlen(cp1) >= (sizeof (dirpath) - strlen("/TMP_DIR"))) {
(void) printf("The string length of mount point is "
"too large\n");
exit(-1);
}
(void) snprintf(dirpath, sizeof (dirpath), "%s/TMP_DIR", cp1);
ret = mkdir(dirpath, 0777);
if (ret != 0) {
if (errno != EEXIST) {
(void) printf("%s: mkdir(<%s>, 0777) failed: errno "
"(decimal)=%d\n", argv[0], dirpath, errno);
exit(-1);
}
}
testdd = open(dirpath, O_RDONLY|O_RSYNC|O_SYNC|O_DSYNC);
if (testdd < 0) {
(void) printf("%s: open(<%s>, O_RDONLY|O_RSYNC|O_SYNC|O_DSYNC)"
" failed: errno (decimal)=%d\n", argv[0], dirpath, errno);
exit(-1);
} else {
(void) close(testdd);
}
pid = fork();
if (pid > 0) {
int fd = open(dirpath, O_RDONLY|O_RSYNC|O_SYNC|O_DSYNC);
char buf[16];
int rdret;
int j = 0;
if (fd < 0) {
(void) printf("%s: open <%s> again failed:"
" errno = %d\n", argv[0], dirpath, errno);
exit(-1);
}
while (j < op_num) {
(void) sleep(1);
rdret = read(fd, buf, 16);
if (rdret == -1) {
(void) printf("readdir failed");
}
j++;
}
(void) close(fd);
} else if (pid == 0) {
int fd = open(dirpath, O_RDONLY);
int chownret;
int k = 0;
if (fd < 0) {
(void) printf("%s: open(<%s>, O_RDONLY) again failed:"
" errno (decimal)=%d\n", argv[0], dirpath, errno);
exit(-1);
}
while (k < op_num) {
(void) sleep(1);
chownret = fchown(fd, 0, 0);
if (chownret == -1) {
(void) printf("chown failed");
}
k++;
}
(void) close(fd);
}
return (0);
}
Reference in New Issue View Git Blame Copy Permalink