diff --git a/tools/acrn-manager/acrn_mngr.c b/tools/acrn-manager/acrn_mngr.c index d9d25e4d2..d05b6ebfa 100644 --- a/tools/acrn-manager/acrn_mngr.c +++ b/tools/acrn-manager/acrn_mngr.c @@ -300,7 +300,10 @@ static int create_new_server(const char *name) int ret; char path[128] = { }; - snprintf(path, sizeof(path), MNGR_SOCK_FMT, name, getpid()); + if (snprintf(path, sizeof(path), MNGR_SOCK_FMT, name, getpid()) >= sizeof(path)) { + printf("WARN: the path is truncated\n"); + return -1; + } mfd = calloc(1, sizeof(*mfd)); if (!mfd) { @@ -449,7 +452,7 @@ static int connect_to_server(const char *name) mfd->addr.sun_family = AF_UNIX; ret = snprintf(mfd->addr.sun_path, sizeof(mfd->addr.sun_path), "/run/acrn/mngr/%s", s_name); - if ((ret >= 0) && (ret < strlen(s_name))) + if (ret >= sizeof(mfd->addr.sun_path)) printf("WARN: %s is truncated\n", s_name); ret = diff --git a/tools/acrn-manager/acrn_vm_ops.c b/tools/acrn-manager/acrn_vm_ops.c index 483eb50d0..867ed45d1 100644 --- a/tools/acrn-manager/acrn_vm_ops.c +++ b/tools/acrn-manager/acrn_vm_ops.c @@ -258,7 +258,10 @@ int shell_cmd(const char *cmd, char *outbuf, int len) memset(cmd_buf, 0, sizeof(cmd_buf)); memset(outbuf, 0, len); - snprintf(cmd_buf, sizeof(cmd_buf), "%s 2>&1", cmd); + if (snprintf(cmd_buf, sizeof(cmd_buf), "%s 2>&1", cmd) >= sizeof(cmd_buf)) { + printf("ERROR: shell command is truncated\n"); + return -1; + } ptr = popen(cmd_buf, "re"); if (!ptr) return -1; @@ -317,8 +320,11 @@ int start_vm(const char *vmname) { char cmd[128]; - snprintf(cmd, sizeof(cmd), "bash %s/add/%s.sh $(cat %s/add/%s.args)", - ACRNCTL_OPT_ROOT, vmname, ACRNCTL_OPT_ROOT, vmname); + if (snprintf(cmd, sizeof(cmd), "bash %s/add/%s.sh $(cat %s/add/%s.args)", + ACRNCTL_OPT_ROOT, vmname, ACRNCTL_OPT_ROOT, vmname) >= sizeof(cmd)) { + printf("ERROR: command is truncated\n"); + return -1; + } return system(cmd); } diff --git a/tools/acrn-manager/acrnctl.c b/tools/acrn-manager/acrnctl.c index e32bd40af..c3a503082 100644 --- a/tools/acrn-manager/acrnctl.c +++ b/tools/acrn-manager/acrnctl.c @@ -106,8 +106,11 @@ static int write_tmp_file(int fd, int n, char *word[]) if (!strcmp(word[0] + len - strlen("acrn-dm"), "acrn-dm")) { find_acrn_dm++; memset(buf, 0, sizeof(buf)); - snprintf(buf, sizeof(buf), "%s gentmpfile", - acrnctl_bin_path); + if (snprintf(buf, sizeof(buf), "%s gentmpfile", + acrnctl_bin_path) >= sizeof(buf)) { + printf("ERROR: acrnctl bin path is truncated\n"); + return -1; + } ret = write(fd, buf, strlen(buf)); if (ret < 0) return -1; @@ -117,7 +120,8 @@ static int write_tmp_file(int fd, int n, char *word[]) while (i < n) { memset(buf, 0, sizeof(buf)); - snprintf(buf, sizeof(buf), " %s", word[i]); + if (snprintf(buf, sizeof(buf), " %s", word[i]) >= sizeof(buf)) + printf("WARN: buf is truncated\n"); i++; ret = write(fd, buf, strlen(buf)); if (ret < 0) @@ -191,7 +195,12 @@ static int acrnctl_do_add(int argc, char *argv[]) /* open tmp file for write */ memset(fname, 0, sizeof(fname)); - snprintf(fname, sizeof(fname), "%s%s", argv[1], TMP_FILE_SUFFIX); + if (snprintf(fname, sizeof(fname), "%s%s", argv[1], TMP_FILE_SUFFIX) + >= sizeof(fname)) { + printf("ERROR: file name is truncated\n"); + ret = -1; + goto file_exceed; + } fd_tmp = open(fname, O_RDWR | O_CREAT | O_TRUNC, 0666); if (fd_tmp < 0) { perror(fname); @@ -229,21 +238,38 @@ static int acrnctl_do_add(int argc, char *argv[]) goto no_acrn_dm; } - snprintf(cmd, sizeof(cmd), "mv %s %s.back", argv[1], argv[1]); + if (snprintf(cmd, sizeof(cmd), "mv %s %s.back", argv[1], argv[1]) + >= sizeof(cmd)) { + printf("ERROR: cmd is truncated\n"); + ret = -1; + goto get_vmname; + } system(cmd); - snprintf(cmd, sizeof(cmd), "mv %s %s", fname, argv[1]); + if (snprintf(cmd, sizeof(cmd), "mv %s %s", fname, argv[1]) >= sizeof(cmd)) { + printf("ERROR: cmd is truncated\n"); + ret = -1; + goto get_vmname; + } system(cmd); memset(vmname, 0, sizeof(vmname)); - snprintf(cmd, sizeof(cmd), "bash %s%s >./%s.result", argv[1], - args, argv[1]); + if (snprintf(cmd, sizeof(cmd), "bash %s%s >./%s.result", argv[1], + args, argv[1]) >= sizeof(cmd)) { + printf("ERROR: cmd is truncated\n"); + ret = -1 ; + goto get_vmname; + } ret = shell_cmd(cmd, cmd_out, sizeof(cmd_out)); if (ret < 0) goto get_vmname; - snprintf(cmd, sizeof(cmd), "grep -a \"acrnctl: \" ./%s.result", - argv[1]); + if (snprintf(cmd, sizeof(cmd), "grep -a \"acrnctl: \" ./%s.result", + argv[1]) >= sizeof(cmd)) { + printf("ERROR: cmd is truncated\n"); + ret = -1; + goto get_vmname; + } ret = shell_cmd(cmd, cmd_out, sizeof(cmd_out)); if (ret < 0) goto get_vmname; @@ -251,7 +277,11 @@ static int acrnctl_do_add(int argc, char *argv[]) ret = sscanf(cmd_out, "acrnctl: %s", vmname); if (ret != 1) { ret = -1; - snprintf(cmd, sizeof(cmd), "cat ./%s.result", argv[1]); + + if (snprintf(cmd, sizeof(cmd), "cat ./%s.result", argv[1]) >= sizeof(cmd)) { + printf("ERROR: cmd is truncated\n"); + goto get_vmname; + } shell_cmd(cmd, cmd_out, sizeof(cmd_out)); /* Properly null-terminate cmd_out */ @@ -270,7 +300,12 @@ static int acrnctl_do_add(int argc, char *argv[]) goto get_vmname; } - snprintf(cmd, sizeof(cmd), "mkdir -p %s/add", ACRNCTL_OPT_ROOT); + if (snprintf(cmd, sizeof(cmd), "mkdir -p %s/add", ACRNCTL_OPT_ROOT) + >= sizeof(cmd)) { + printf("ERROR: cmd is truncated\n"); + ret = -1; + goto get_vmname; + } system(cmd); s = vmmngr_find(vmname); @@ -281,29 +316,47 @@ static int acrnctl_do_add(int argc, char *argv[]) goto vm_exist; } - snprintf(cmd, sizeof(cmd), "cp %s.back %s/add/%s.sh", argv[1], - ACRNCTL_OPT_ROOT, vmname); + if (snprintf(cmd, sizeof(cmd), "cp %s.back %s/add/%s.sh", argv[1], + ACRNCTL_OPT_ROOT, vmname) >= sizeof(cmd)) { + printf("ERROR: cmd is truncated\n"); + ret = -1; + goto vm_exist; + } system(cmd); - snprintf(cmd, sizeof(cmd), "echo %s >%s/add/%s.args", args, - ACRNCTL_OPT_ROOT, vmname); + if (snprintf(cmd, sizeof(cmd), "echo %s >%s/add/%s.args", args, + ACRNCTL_OPT_ROOT, vmname) >= sizeof(cmd)) { + printf("ERROR: cmd is truncated\n"); + ret = -1; + goto vm_exist; + } system(cmd); printf("%s added\n", vmname); vm_exist: get_vmname: - snprintf(cmd, sizeof(cmd), "rm -f ./%s.result", argv[1]); - system(cmd); + if (snprintf(cmd, sizeof(cmd), "rm -f ./%s.result", argv[1]) >= sizeof(cmd)) { + printf("WARN: cmd is truncated\n"); + } else + system(cmd); - snprintf(cmd, sizeof(cmd), "mv %s %s", argv[1], fname); - system(cmd); + if (snprintf(cmd, sizeof(cmd), "mv %s %s", argv[1], fname) >= sizeof(cmd)) { + printf("ERROR: cmd is truncated\n"); + ret = -1; + } else + system(cmd); - snprintf(cmd, sizeof(cmd), "mv %s.back %s", argv[1], argv[1]); - system(cmd); + if (snprintf(cmd, sizeof(cmd), "mv %s.back %s", argv[1], argv[1]) >= sizeof(cmd)) { + printf("ERROR: cmd is truncated\n"); + ret = -1; + } else + system(cmd); no_acrn_dm: - snprintf(cmd, sizeof(cmd), "rm -f %s", fname); - system(cmd); + if (snprintf(cmd, sizeof(cmd), "rm -f %s", fname) >= sizeof(cmd)) { + printf("WARN: cmd is truncated\n"); + } else + system(cmd); write_tmpfile: close(fd_tmp); open_tmp_file: @@ -355,11 +408,17 @@ static int acrnctl_do_del(int argc, char *argv[]) state_str[s->state]); continue; } - snprintf(cmd, sizeof(cmd), "rm -f %s/add/%s.sh", - ACRNCTL_OPT_ROOT, argv[i]); + if (snprintf(cmd, sizeof(cmd), "rm -f %s/add/%s.sh", + ACRNCTL_OPT_ROOT, argv[i]) >= sizeof(cmd)) { + printf("WARN: cmd is truncated\n"); + return -1; + } system(cmd); - snprintf(cmd, sizeof(cmd), "rm -f %s/add/%s.args", - ACRNCTL_OPT_ROOT, argv[i]); + if (snprintf(cmd, sizeof(cmd), "rm -f %s/add/%s.args", + ACRNCTL_OPT_ROOT, argv[i]) >= sizeof(cmd)) { + printf("WARN: cmd is truncated\n"); + return -1; + } system(cmd); } diff --git a/tools/acrn-manager/acrnd.c b/tools/acrn-manager/acrnd.c index baf125aba..4b167a6dc 100644 --- a/tools/acrn-manager/acrnd.c +++ b/tools/acrn-manager/acrnd.c @@ -219,14 +219,18 @@ static void acrnd_run_vm(char *name) { char log_path[128] = {}; - snprintf(log_path, sizeof(log_path) -1, ACRND_LOG_FMT, name); - unlink(log_path); - stdin = freopen(log_path, "w+", stdin); - stdout = freopen(log_path, "w+", stdout); - stderr = freopen(log_path, "w+", stderr); - fflush(stdin); - fflush(stdout); - fflush(stderr); + if (snprintf(log_path, sizeof(log_path) -1, ACRND_LOG_FMT, name) + >= sizeof(log_path) -1) { + printf("WARN: log path is truncated\n"); + } else { + unlink(log_path); + stdin = freopen(log_path, "w+", stdin); + stdout = freopen(log_path, "w+", stdout); + stderr = freopen(log_path, "w+", stderr); + fflush(stdin); + fflush(stdout); + fflush(stderr); + } start_vm(name); printf("%s exited!\n", name);