This reverts commit 03a9b481c7.
Andrew Deason wrote,
"Briefly, 'host' structures are allocated without clearing all of the
contents to '0'. Only part of the structure is cleared, according to the
HOST_TO_ZERO macro. Unfortunately I put the new tmay_ fields right below
the 'index' field for some reason, so this means they aren't zeroed and
can contain garbage. This means we can easily segfault in the fileserver
when we try to access the pointers in there.
"We access uninitialized memory for every 'host' that is allocated. So
the chance of us corrupting memory is the chance that a particular
pointer-sized area of memory from 'malloc' is not already NULL.
"That seems pretty likely, but it's not so frequent as to have the
fileserver effectively "constantly" crashing at the site that noticed.
So it has not been a fire drill, but it has been noticeable (we heard
about it I think yesterday, and got details today when it happened
again). The noticing incident was a segfault, but an abort or sigbus are
probably also likely.
"Of course, the chances of noticing go way up with more clients. I expect
the chances dramatically increase if you have more than 512 client hosts
hit the box, since the first block of 512 are allocated before we really
do anything. For the next 512, it seems much more likely that 'malloc'
will give us back non-zeroed data. But this is just theory.
"With the incident I know about, the crash happened semi-quickly after
the server started (a few minutes). But it seems likely to occur after
the server has been up for a long time, if/when you cross the next line
of 512 hosts.
"I am also concerned that this can easily be corrupting memory without
being noticed via a crash (or it takes a while to crash), since we are
potentially free'ing invalid pointers, or stomping over someone else's
memory, etc etc."
Change-Id: I20bd40fc9df69247884099a0623e6db40908b3e8
Add vos restore to the list of operations which are logged
when the volserver is running with the -log option. Example
log line:
admin on 172.16.50.141 is executing Restore 536870969
Reviewed-on: http://gerrit.openafs.org/9926
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit eb7b3dac48)
Change-Id: If09d8d170c14cfd71c181cbdc87c6027ee570c45
Reviewed-on: http://gerrit.openafs.org/11153
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The amount of space allocated for use by the pioctl call to
obtain the ACL for the source directory in the "up" command
is not large enough and the call fails when access lists get
sufficiently large.
This change increases the size of the space provided to
pioctl to the maximum possible. This allows for much larger
access lists and is consistent with a similar call in the
"fs listacl" command).
Reviewed-on: http://gerrit.openafs.org/9753
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 639453196d)
Change-Id: I4fabbe3fc294c076bd786d43f5e9d2dd0b32e99d
Reviewed-on: http://gerrit.openafs.org/11111
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
As of Fedora 17 and RHEL 7, depmod has moved from /sbin to /usr/sbin.
The full path to depmod is used in package scripts and as a dependency.
This hasn't caused problems in most cases because on an installed
system a link /sbin -> /usr/sbin is present and during ordinary package
installations yum/rpm correctly then figure out that /sbin/depmod is
actually provided. But in other situations, the dependency check is not
that clever and (incorrectly) fails.
Add a macro to the spec defining the full path to depmod, use the macro
rather than plain /sbin/depmod throughout the spec, and also pass it to
kmodtool when required to generate the kmod package scripts and
requirements.
FIXES 131860
Reviewed-on: http://gerrit.openafs.org/11128
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: D Brashear <shadow@your-file-system.com>
(cherry picked from commit c20c01185e)
Change-Id: Ib9e0bfe586de668ddba6fb82ff1ea2a081277150
Reviewed-on: http://gerrit.openafs.org/11171
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The server, process and stat_type parameters are declared as
required when the command syntax is set up - so they must be
present when the command handler is called. So, don't bother
checking for them.
Caught by coverity (#985963, #985964, #985965, #985966, #985967,
#985968, #985969, #985970, #985971, #985972,
#985973, #985974, #985975, #985976, #985977)
Reviewed-on: http://gerrit.openafs.org/9399
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit f5b462c9d4)
Change-Id: I4ea58eadbc97a934bb54a346086cdaf77ab28b9c
Reviewed-on: http://gerrit.openafs.org/11048
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Reviewed-by: Dan Hyde <drh@umich.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
It is not always clear to users whether BosConfig.new is noticed
during an automatic restart, or if it requires stopping and starting
the bosserver. Slightly reword the relevant text and add a small note
that a "general restart" does cause BosConfig.new to be noticed, so
this is explicitly clear.
Reviewed-on: http://gerrit.openafs.org/11076
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 3946b50a7e)
Change-Id: Ia630aec6ef5259fc3c3fd531fdf8fda8a4152c54
Reviewed-on: http://gerrit.openafs.org/11216
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Apparently this predates AFS 3.0 so it should be safe to remove.
Reviewed-on: http://gerrit.openafs.org/10935
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit cc39ac77c6)
Change-Id: Ia034b8a14c000ee2772ba555a45a9776a20aff43
Reviewed-on: http://gerrit.openafs.org/10945
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
We report 'fake' values for free space, free file nodes, etc for the
'AFS' filesystem, since these values are not meaningful for AFS
itself. Currently we report about 9G of free space for most platforms,
and a few different values for a few others. Raise all of these to
2^32-1, so that trying to copy over 9G of data into AFS does not fail
for those applications that check the destination free space with
statfs(2). Note that one such application is KDE 4.8.x.
Consolidate all places that do this, and put the 'fake' value in one
place, AFS_VFS_FAKEFREE, along with the relevant comments.
Related issues reported by Lars Schimmer, Richard Brittain, and
others.
Reviewed-on: http://gerrit.openafs.org/9688
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Markus Koeberl <markus.koeberl@tugraz.at>
Tested-by: Markus Koeberl <markus.koeberl@tugraz.at>
Reviewed-by: D Brashear <shadow@your-file-system.com>
(cherry picked from commit e385571ba3)
Change-Id: Id9b5fa92f48bc83b84bb4f50bc0ae25b028694b0
Reviewed-on: http://gerrit.openafs.org/10984
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
readlink returns a non-NUL terminated buffer. If we are going to
terminate its response, we need to make sure that there's space to
do so. So the length passed to readlink should be one less than the
real length of the buffer.
This is a 1.6-only change
It is inspired by commit 25011b4544
which cannot be cherry picked due to other missing commits on
the 1.6 branch, like 763ec5250d.
Change-Id: I5c3f2946f7c1b8e935ae46bc195f58e207e115d6
Reviewed-on: http://gerrit.openafs.org/11054
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: D Brashear <shadow@your-file-system.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Commit 54eb2485b5 removed the
implementation of bnode_Deactivate(), which had been #ifdef'd out
for a long time, but left the prototype in place. Remove the
obsolete declaration in bosprototypes.h as well.
Reviewed-on: http://gerrit.openafs.org/10868
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 01a7c64e47)
Change-Id: Ic1ca95ef455705a14cf68f0801d73789cc7bd4b5
Reviewed-on: http://gerrit.openafs.org/11192
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
This is a 1.6 only change to complement the preceding commit.
On the master branch, this modification is part of commit
a9b8fd81bf which otherwise comprises
changes not foreseen to be applied to 1.6.
Change-Id: I44678c2fb15f136d70f2d38a3996ad3d7d0455d5
Reviewed-on: http://gerrit.openafs.org/10891
Reviewed-by: D Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The ka_IsZero and ka_PrintBytes function just use char strings. Cast
directly, rather than going via a helper functions to simplify this
code.
The helper functions add complexity, and additional dependencies which
cause problems with some uses of this code.
Reviewed-on: http://gerrit.openafs.org/7066
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementix.org>
(cherry picked from commit 46c5aabfc6)
Change-Id: Ifee3178e5cdc2eab947f759541864ecea4345b7a
Reviewed-on: http://gerrit.openafs.org/10867
Reviewed-by: D Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
vos convertROtoRW leaves the older RW copy on the original fileserver,
although it is no longer in the VLDB. Provide the user with some hints
regarding clean up.
Reviewed-on: http://gerrit.openafs.org/9408
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Tested-by: Ken Dreyer <ktdreyer@ktdreyer.com>
(cherry picked from commit 279345c231)
Change-Id: Id273ab86bfe68f89ef629f0c4d839882852e09ab
Reviewed-on: http://gerrit.openafs.org/11126
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Tested-by: Stephan Wiesand <stephan.wiesand@desy.de>
This stuff has been #if 0'd for ages; put it out of its misery.
While here, remove the global bnode_waiting which is not used for anything.
bnode_SoftInt claims to return a pointer, so return NULL instead of 0.
Reviewed-on: http://gerrit.openafs.org/10284
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 54eb2485b5)
Change-Id: Ife2604f1a99ef81e2075a82cb97d94ae5373031c
Reviewed-on: http://gerrit.openafs.org/10864
Reviewed-by: D Brashear <shadow@your-file-system.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
our indentation did not match our braces so we would never read all the
objects in each unixuser hash chain. add the missing braces
Reviewed-on: http://gerrit.openafs.org/11094
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: D Brashear <shadow@your-file-system.com>
(cherry picked from commit 279e010516)
Change-Id: If8d4faf8a9cc301d231c1f7b11ab5bb9ca721451
Reviewed-on: http://gerrit.openafs.org/11093
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Perry Ruiter <pruiter@sinenomine.net>
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Nathaniel Filardo <nwfilardo@gmail.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
When converting a volume header from host to network order, make
sure that any unused fields in the structure are zero'd, so we don't
end up filling them with stack garbage in the network version of
the structure.
Caught by coverity (#985956)
Reviewed-on: http://gerrit.openafs.org/9548
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit 21166744bf)
Change-Id: I7156cc51f52a8c9911d6ce087ba0a6b1cc0d9a9e
Reviewed-on: http://gerrit.openafs.org/11065
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
If the user specifies a ridiculously long command line, don't
overflow the filename or hostname buffers with what they supply.
Caught by coverity (#985911)
Reviewed-on: http://gerrit.openafs.org/9546
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit d672d5ee78)
Change-Id: Id86f5488bfb3bbf5794af43e9f8fe84a2fe796c3
Reviewed-on: http://gerrit.openafs.org/11064
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The fullname buffer in CompFindUser is theoretically big enough
to take the data usually supplied to it. However, play it safe by
using strlcat and strlcpy to catch buffer overflows.
Caught by coverity (#985771)
Reviewed-on: http://gerrit.openafs.org/9543
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit cc95fca8e1)
Change-Id: I900611e13d6254c4410915b0688b18a3b6c4acc3
Reviewed-on: http://gerrit.openafs.org/11063
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
If the filename passed to open_file was larger than MAXPATHLEN-5,
then we'd overflow the oldName buffer when creating the backup
filename. Fix the overflow by using a malloc'd buffer instead.
Caught by coverity (#985767)
Reviewed-on: http://gerrit.openafs.org/9448
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit b0b3def56c)
Change-Id: I3993de8e4372c30d35e6e675042511f85ba9d014
Reviewed-on: http://gerrit.openafs.org/11062
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The cell, realm and path arrays are populated based on the user's
command line, and xlog_path is populated from their passwd map
entry. Protect against all of these overflowing, by making suitable
use of strlcpy and strlcat.
Caught by coverity (#985764, #985904)
Reviewed-on: http://gerrit.openafs.org/9446
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 2902ef9397)
Change-Id: I1c8b72aa087902e45cef758844193949471170c5
Reviewed-on: http://gerrit.openafs.org/11060
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
When working with the fixed length cellname buffer, use
strlcat and strlcpy rather than strcat and strcpy.
Caught by coverity (#985763)
Reviewed-on: http://gerrit.openafs.org/9445
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 19d2683d71)
Change-Id: I91c169380600496a8b5148fffcb1a21feb1eee29
Reviewed-on: http://gerrit.openafs.org/11059
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
In the auth_to_path routine, don't use strcpy and strcat when
working with the fixed length pathtocheck buffer. Instead, use
strlcpy and strlcat to ensure that all string operations fit within
the buffer limits.
Caught by coverity (#985762)
Reviewed-on: http://gerrit.openafs.org/9444
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 788a6b67a0)
Change-Id: I9abb8ab33da1d72e42764969e5527d443eea9652
Reviewed-on: http://gerrit.openafs.org/11058
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Don't do an unbounded copy into the thresh structure's handler
string, in case the caller has passed us a string which is too
long.
Instead, switch to strlcpy for all string copies.
Caught by coverity (#985761)
Reviewed-on: http://gerrit.openafs.org/9443
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 95cd5b1d95)
Change-Id: Id8d7f3b97ac3ccbf65862d61b2f9e9d39baeb162
Reviewed-on: http://gerrit.openafs.org/11057
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
We copy the results of gethostbyaddr into a fixed length buffer
without checking whether they fit. Add a length check, and use
strlcpy to do the copy to make sure we can't overflow.
Caught by coverity (#985912, #985872)
Reviewed-on: http://gerrit.openafs.org/9393
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit fcb7974b83)
Change-Id: I2d7f781c159999e721504cd6eec408db93bb703c
Reviewed-on: http://gerrit.openafs.org/11056
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
knfs constructs the userName by combining the clientName.name
and clientName.instance arrays, along with a dot separator. Make
sure that the userName array is big enough to hold these, and
use strlcpy and strlcat just to make sure.
Caught by coverity (#985829)
Reviewed-on: http://gerrit.openafs.org/9351
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit cc194827a8)
Change-Id: Iec62a0e0fb830e8bfc76896733269d0511c5a8d9
Reviewed-on: http://gerrit.openafs.org/11055
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The pftix variable points to the next free element in the
printfTypes array, so when we iterate through that array to
read that data back, we should stop when our iterator equals
pftix, not when it is greater than it.
Caught by coverity (#986013)
Reviewed-on: http://gerrit.openafs.org/9442
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 908105fe8d)
Change-Id: I2dec4dc3b041093e1d1ac2ea4546a341e9b00687
Reviewed-on: http://gerrit.openafs.org/11053
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
If the user supplies enough command line arguments, but doesn't
provide a passwdfile, then we can end up trying to open whatever
garbage is on the stack.
Once we've finished parsing the command line arguments, make sure
that a filename was supplied.
Caught by coverity (#986009)
Reviewed-on: http://gerrit.openafs.org/9441
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit d812716408)
Change-Id: I66d38c04c0f9519c401d3299e7d3ece57d001d96
Reviewed-on: http://gerrit.openafs.org/11052
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
If the user supplies enough command line arguments, but doesn't
provide a groupfile, then we can end up trying to open whatever
garbage is on the stack.
Once we've finished parsing the command line arguments, make sure
that a filename was supplied.
Caught by coverity (#986008)
Reviewed-on: http://gerrit.openafs.org/9440
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 3c564444cf)
Change-Id: I8d0bb6ec6a39ad095959ede0252dc6f00777515e
Reviewed-on: http://gerrit.openafs.org/11051
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The libadmin pts_UserCreate function uses the value passed to
it in newUserId to control whether the user is being created
with a user supplied ID or not.
Initialise this value in the caller, so we don't end up creating
users with corrupt ids.
Caught by clang (#985979)
Reviewed-on: http://gerrit.openafs.org/9401
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 5cf4415c8a)
Change-Id: I0e91352a98f63b386185abf9860dc056cb775821
Reviewed-on: http://gerrit.openafs.org/11050
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The libadmin pts_GroupCreate function uses the value passed to
it in newGroupId to control whether the group is being created
with a user supplied ID or not.
Initialise this value in the caller, so we don't end up creating
groups with corrupt ids.
Caught by clang (#985978)
Reviewed-on: http://gerrit.openafs.org/9400
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit ece7bd669a)
Change-Id: I51750db47f7709406c079c4fbeec561228359e73
Reviewed-on: http://gerrit.openafs.org/11049
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
If we jump to the error handler early on in pts_GroupOwnerChange,
idlist may not have been used, and so we will end up trying to
free stack garbage.
Initialise the structure to 0 at the start of the function, so it
is always safe to enter the error handler.
Caught by coverity (#985962)
Reviewed-on: http://gerrit.openafs.org/9398
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 8260d86dda)
Change-Id: I79f7fe3cba11a2904c644e6747511e3630d74a79
Reviewed-on: http://gerrit.openafs.org/11047
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
If ka_log is called without a principal string, then the resulting
buffer will be garbage, as we don't start with a string for strlcat
to append to.
Caught by coverity (#985959)
Reviewed-on: http://gerrit.openafs.org/9396
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 508674486a)
Change-Id: Ib65f63a1a7adef73d56d61ea59adfbca430dff13
Reviewed-on: http://gerrit.openafs.org/11045
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Initialise the parms array to 0 so that we don't get warnings from
the compiler when we call syscall() using it.
Caught by coverity (#985949)
Reviewed-on: http://gerrit.openafs.org/9395
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit a666bfd67b)
Change-Id: Ia777a33c1332fe9a1f00cc56be3980f0d50b69ea
Reviewed-on: http://gerrit.openafs.org/11044
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
When we're constructing a homedirectory path to look for the
.AFSSERVER file in, we copy the HOME environment variable into a
static buffer, with a risk of overflowing that buffer.
Instead of using a static buffer, just allocate one with asprintf.
Caught by coverity (#985910)
Reviewed-on: http://gerrit.openafs.org/9392
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit f322b0ff1e)
Change-Id: I588fecf4caee64915fc2e7730f68f051d6faa92a
Reviewed-on: http://gerrit.openafs.org/11043
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
When we copy the user supplied hostname into the fixed length
hnamebuf array, we might overflow it. As we never use this buffer,
just get rid of it.
Caught by coverity (#985913)
Reviewed-on: http://gerrit.openafs.org/9394
Reviewed-by: Marc Dionne <marc.c.dionne@gmail.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit b32d92268f)
Change-Id: I09d119745dfdc9545af4912bd27f8ee09ccefd1f
Reviewed-on: http://gerrit.openafs.org/11042
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
afsconf_cell's hostName structure is a fixed length. Don't overflow
it by writing whatever comes back from gethostbyaddr into it. Use
strlcpy to catch an overflow, and if one occurs, just use
"UNKNOWNHOST", rather than a truncated host name.
Caught by coverity (#985906)
Reviewed-on: http://gerrit.openafs.org/9354
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit fed5dac9f2)
Change-Id: I468f66585e19623d62dee8730141767bd050ed1d
Reviewed-on: http://gerrit.openafs.org/11041
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The maximum volume name length in the VLDB RPCs is VL_MAXNAMELEN
(65), not 64 as used as a hardcoded value in vsprocs. Switch to
using the defined value, and also use strlcat to check that we
don't overflow this.
Caught by coverity (#985849)
Reviewed-on: http://gerrit.openafs.org/9353
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 79abe9d68e)
Change-Id: I0e1dd46be835e74fc43335606bf5ab8341678251
Reviewed-on: http://gerrit.openafs.org/11040
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Fix malformed merge error left over from
commit 4f9ec8396d
where we converted strcat to strlcat.
Reviewed-on: http://gerrit.openafs.org/10963
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
(cherry picked from commit e6110959e8)
Change-Id: I3ac39245f9151f319ab5d5bb6b6d17dd13446ac1
Reviewed-on: http://gerrit.openafs.org/11039
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The maximum volume name length in the VLDB RPCs is VL_MAXNAMELEN
(65), not 64 as used as a hardcoded value in vsprocs. Switch to
using the defined value, and also use strlcat to check that we
don't overflow this.
Caught by coverity (#985849)
Reviewed-on: http://gerrit.openafs.org/9352
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 4f9ec8396d)
Change-Id: I7e2dfcaf23312dde123515e2c7329df1fa62de3e
Reviewed-on: http://gerrit.openafs.org/11038
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The cell string within a ktc_principal is only 64 characters long.
Be careful not to overflow it.
Caught by coverity (#985829)
Reviewed-on: http://gerrit.openafs.org/9350
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 77aa6c65b7)
Change-Id: I7e0411ce635d481cf1618c2eabf79dfb85fcd069
Reviewed-on: http://gerrit.openafs.org/11037
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
If the kernel gives us bogus data back from the VIOCGETTOK pioctl,
we might overflow the cell string when copying in to it. Use
strlcpy to avoid this (unlikely) occurrence.
Caught by coverity (#985768, #985769)
Reviewed-on: http://gerrit.openafs.org/9349
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 362728d2d6)
Change-Id: I839c330a232525ddccc7957ead785c7ed9beec88
Reviewed-on: http://gerrit.openafs.org/11036
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
readlink doesn't NUL terminate its return string, so it is up to
us to do so.
Caught by coverity (#985739)
Reviewed-on: http://gerrit.openafs.org/9347
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 2fac53522e)
Change-Id: I9d47a6a7cbc86fba3f68f7e47c5d7a0fb924781f
Reviewed-on: http://gerrit.openafs.org/11035
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The base array has VL_MAX_ADDREXTBLKS elements. Use this when
checking for an array overflow, rather than VL_ADDREXTBLK_SIZE.
Caught by coverity (#985600)
Reviewed-on: http://gerrit.openafs.org/9346
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 6a54bf7358)
Change-Id: I056432a1bf85b175ee4fc307d0662d072724b272
Reviewed-on: http://gerrit.openafs.org/11034
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
PackageIndex++ returns the pre-index value of PackageIndex, so the
error statement isn't run when PackageIndex == MAX_PACKAGES. This
means we go on to overflow all of the arrays that are MAX_PACKAGES
in size.
Caught by coverity (#985583, #985584, #985585, #985586,
#985587, #985588, #985589)
Reviewed-on: http://gerrit.openafs.org/9325
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit a1d8109c8f)
Change-Id: I5278bff5fe6be1bf127b240f7752c69385a9da24
Reviewed-on: http://gerrit.openafs.org/11033
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
The ubik connections array is NULL terminated, so we have to
ensure that there is enough space for the trailing NULL. As the
array is MAXSERVERS elements long, this means that we can only
store MAXSERVERS-1 connections in it.
This problem will never be encountered by the correct code, as
the number of hosts returned from afsconf_Open is capped at
MAXHOSTSPERCELL (currently 8). MAXSERVERS is currently 20. However,
fix the bug in case we increase MAXHOSTSPERCELL at some point in
the future.
Caught by coverity (#985576)
Reviewed-on: http://gerrit.openafs.org/9322
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit c0fba6eab5)
Change-Id: I1e2556df6867ebb7b6b311e54a0271fb6fe631fd
Reviewed-on: http://gerrit.openafs.org/11032
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
Include the ResidencyRpc in the list of fs operation numbers that
can be display by xstat_cm_test.
Caught by coverity (#989029)
Reviewed-on: http://gerrit.openafs.org/9320
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit 64630d07b8)
Change-Id: If14fb4e6929ea667b2dde18b381ab5c59c6bf8db
Reviewed-on: http://gerrit.openafs.org/11031
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
