diff --git a/source/lib/uapi/kcore_utils.c b/source/lib/uapi/kcore_utils.c
index e58b45c21151eae4508d706367b3036a5b02ed71..0471bc02d969cf54c83cff6a8a991f9622c74932 100644
--- a/source/lib/uapi/kcore_utils.c
+++ b/source/lib/uapi/kcore_utils.c
@@ -249,7 +249,7 @@ static int download_btf()
 strcat(sysak_path, kernel);
 }
- snprintf(dw, LEN + LEN + LEN, "wget -T 5 -t 2 -q -O %s/vmlinux-%s https://sysom-cn-%s.oss-cn-%s%s.aliyuncs.com/home/hive/btf/%s/vmlinux-%s", sysak_path, kernel, ®ion[3],®ion[3], timeout,arch, kernel);
+ snprintf(dw, sizeof(dw), "wget -T 5 -t 2 -q -O %s/vmlinux-%s https://sysom-cn-%s.oss-cn-%s%s.aliyuncs.com/home/hive/btf/%s/vmlinux-%s", sysak_path, kernel, ®ion[3],®ion[3], timeout,arch, kernel);
 do_cmd(dw, kernel, LEN);
 return 0;
@@ -292,4 +292,4 @@ char *prepare_btf_file()
 }
 return btf;
-}
\ No newline at end of file
+}
diff --git a/source/lib/uapi/pidComm.c b/source/lib/uapi/pidComm.c
index ef4c733784671391a54f0fcfaf8e5bec56abe8bd..e46fae3a0e2b22864a5070f4d454d2fee132d384 100644
--- a/source/lib/uapi/pidComm.c
+++ b/source/lib/uapi/pidComm.c
@@ -85,8 +85,8 @@ static inline int get_con_cgpath_bypid(char *subpath, long pid, const char* cg,
 if (!fp) return errno;
- memset(buf_512, 0, 1024);
- while(fgets(buf_512, 1024, fp)) {
+ memset(buf_512, 0, sizeof(buf_512));
+ while(fgets(buf_512, sizeof(buf_512), fp)) {
 size_t len;
 char *token;
 if((token = strstr(buf_512, cg)) != NULL) {
diff --git a/source/sysak.c b/source/sysak.c
index 67e0db5dd9fc11b365dba52e6695c72354d6aa8e..95ba3564c449d104cf38e48394e4fb45a57bc5d4 100644
--- a/source/sysak.c
+++ b/source/sysak.c
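Review bot: The return value of the new `snprintf(dw, sizeof(dw), ...)` in download_btf is still ignored, so a long `sysak_path` or `kernel` leaves a truncated wget command in `dw` that is then handed to `do_cmd`. Capture the result and stop on truncation, e.g. `int n = snprintf(dw, sizeof(dw), ...); if (n < 0 || (size_t)n >= sizeof(dw)) return -1;`. `sizeof(dw)` is only the buffer size if `dw` is an array declared in this function, which is outside the hunk; the same assumption applies to `sizeof(buf_512)` in the pidComm.c hunk. The `strcat(sysak_path, kernel)` in the context line above the change is unbounded and deserves the same bounded treatment.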
@@ -127,8 +127,10 @@ static void kern_release(void)
 printf("cannot get system version\n");
 return;
 }
- strncpy(kern_version, name.release, sizeof(name.release));
- strncpy(machine, name.machine, sizeof(name.machine));
+ strncpy(kern_version, name.release, sizeof(kern_version) - 1);
+ kern_version[sizeof(kern_version) - 1] = '\0';
+ strncpy(machine, name.machine, sizeof(machine) - 1);
+ machine[sizeof(machine) - 1] = '\0';
 }
 static int mod_ctrl(bool enable)
@@ -220,12 +222,16 @@ static bool get_module_tag(void)
 pstr += strlen("sysak_module_tag=");
 strcpy(module_tag, pstr);
 strim(module_tag);
- if (strlen(module_tag) == 0)
+ if (strlen(module_tag) == 0) {
+ fclose(fp);
 return false;
+ }
+ fclose(fp);
 return true;
 }
 }
+ fclose(fp);
 return false;
 }
@@ -258,6 +264,11 @@ static int down_install_ext_tools(const char *tool)
 char rule[LINE_BUFF_LEN];
 char *pstr;
+ char *ppos = strpbrk(tool,";\r\n");
+ if (ppos) {
+ printf("The newline and semicolon characters is not allowd in args \n");
+ return -1;
+ }
 sprintf(download_cmd, "wget %s/sysak/ext_tools/%s/%s/rule -P %s &>/dev/null", sysak_components_server, machine, tool, tools_path);
 //printf("%s ... \n", download_cmd);
@@ -330,6 +341,12 @@ static int down_install(const char *component_name)
 char btf_file[MAX_WORK_PATH_LEN];
 int ret = 0;
+ char *ppos = strpbrk(component_name,";\r\n");
+ if (ppos) {
+ printf("The newline and semicolon characters is not allowd in args \n");
+ return -1;
+ }
+
 if (!get_server_addr()) return -1;
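Review bot: `strcpy(module_tag, pstr)` in the context lines of get_module_tag is still an unbounded copy of file content into `module_tag`, and this hunk reworks the lines around it without bounding it. If `module_tag` is a fixed-size array (its declaration is outside the hunk), use `snprintf(module_tag, sizeof(module_tag), "%s", pstr);`. The three added `fclose(fp)` calls could also collapse into one by recording the outcome in a local `bool` and falling through to a single close-and-return at the end of the function.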
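Review bot: The `strpbrk(tool,";\r\n")` check in down_install_ext_tools is a deny-list of three characters, but `tool` is still formatted into a command string that uses shell syntax (`&>/dev/null`), so every other shell metacharacter (pipes, `&`, backticks, `$`, quotes, redirections, whitespace) passes it unchanged. Validate against an allow-list of the characters a name can legitimately contain, and use the same helper for `component_name` in down_install and for `optarg` in the `-c` case of hw_event.c, which carry the identical check; rejecting a leading `-` also keeps the value from being read as an option by `docker inspect`. The `sprintf` into `download_cmd` right below the check is unbounded and should become a checked `snprintf` if `download_cmd` is an array (declared outside the hunk). The character set in the sketch is an assumption about valid names and needs confirming against what the component server publishes.

```c
/* Accept only names built from a fixed, shell-inert character set. */
static bool is_safe_name(const char *s)
{
	static const char allowed[] =
		"abcdefghijklmnopqrstuvwxyz"
		"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
		"0123456789_-.";

	/* No empty names, no option-like or dot-leading names. */
	if (!s || s[0] == '\0' || s[0] == '-' || s[0] == '.')
		return false;
	return s[strspn(s, allowed)] == '\0';
}

static int down_install_ext_tools(const char *tool)
{
	// … unchanged: local declarations …
	if (!is_safe_name(tool)) {
		printf("invalid characters in tool name\n");
		return -1;
	}
	// … unchanged: command construction and download …
```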
@@ -573,9 +590,14 @@ static int exectue(int argc, char *argv[])
 if (run_depend[0]) add_python_depend(run_depend, subcmd_name);
- else
- strncpy(tools_exec, subcmd_name, strlen(subcmd_name));
-
+ else {
+ size_t len = strlen(subcmd_name);
+ if (len >= sizeof(tools_exec)) {
+ len = sizeof(tools_exec) - 1;
+ }
+ strncpy(tools_exec, subcmd_name, len);
+ tools_exec[len] = '\0';
+ }
 snprintf(subcmd_exec_final, sizeof(subcmd_exec_final), "%s;%s", sysak_work_path, tools_exec);
 ret = my_system(subcmd_exec_final);
 if (ret < 0)
diff --git a/source/tools/detect/generic/syshung_detector/syshung_detector.c b/source/tools/detect/generic/syshung_detector/syshung_detector.c
index 2e1168ff04e433dc328b415d0a8d8760ababb49f..da44eca24447632d720ebc2effa33d9d2e7b1a0d 100644
--- a/source/tools/detect/generic/syshung_detector/syshung_detector.c
+++ b/source/tools/detect/generic/syshung_detector/syshung_detector.c
@@ -165,6 +165,7 @@ static bool load_detect(char *path)
 if ((long)load_avg_1 >= (LOAD_CPUS_SCALE * smp_num_cpus) / 2){
 g_syshung.hung_class = NORMAL_FAULT;
 g_syshung.event = HU_HIGHLOAD;
+ fclose(fp);
 return TRUE;
 }
 fclose(fp);
@@ -185,7 +186,7 @@ static int calc_taskcount(char *path,int *count)
 if (strstr(buf,"Name:")) *count++;
 }
-
+ fclose(fp);
 }
 static bool dztask_detect(void)
@@ -436,6 +437,7 @@ static int data_storage(char *src, char *dst)
 fp_dst = fopen(dst, "a+");
 if (!fp_dst){
+ fclose(fp_src);
 printf("open %s failed\n", dst);
 return -1;
 }
diff --git a/source/tools/detect/net/tcpping/src/tcpping.c b/source/tools/detect/net/tcpping/src/tcpping.c
index f1ae7556fe432c3b080416a4aed71535adb92caf..c2dc9ac14c8d1ab91fea6a7ec4f0f280ff0842c2 100644
--- a/source/tools/detect/net/tcpping/src/tcpping.c
+++ b/source/tools/detect/net/tcpping/src/tcpping.c
@@ -593,6 +593,8 @@ static int para_parse(int argc, char **argv)
 trace_para.delay = atoi(optarg);
 break;
 case 'u':
+ if (!is_number(optarg))
+ return -1;
 trace_para.cpu = atoi(optarg);
 break;
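Review bot: When `subcmd_name` does not fit, the new `else` branch in exectue clamps `len` and copies a shortened name into `tools_exec`, which the following `snprintf` and `my_system` lines then run as if it were the requested command. Executing a truncated command string is worse than refusing it, so treat `len >= sizeof(tools_exec)` as an error and return before `my_system` is reached, e.g. `if (len >= sizeof(tools_exec)) return -1;` with the error value matched to what exectue's callers expect (the rest of the function is outside the hunk). The `snprintf` into `subcmd_exec_final` truncates silently in the same way because its return value is not checked.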
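Review bot: `*count++;` in the context line of calc_taskcount advances the pointer instead of the counter, because postfix `++` binds tighter than `*`; the caller's count is never updated and the statement should read `(*count)++;`. The function is declared `int`, yet no `return` is visible between the added `fclose(fp);` and the closing brace, so a `return 0;` after the close looks necessary too. The start of the function is outside the hunk, so confirm that `fp` cannot be NULL when the new `fclose` runs.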
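Review bot: The new `is_number(optarg)` guard on `-u` in para_parse screens the characters only; `atoi` still gives no overflow or range checking, so an over-long digit string or a CPU index beyond the machine's CPU count ends up in `trace_para.cpu`. Parse with `strtol` and explicit bounds instead, e.g. `char *end; errno = 0; long v = strtol(optarg, &end, 10);` followed by `if (errno || end == optarg || *end != '\0' || v < 0) return -1;`, then compare `v` with the CPU count where that is known. The `delay` case in the context lines just above still calls `atoi(optarg)` with no check visible in the hunk. `is_number` is defined outside the hunk, so what it accepts (sign, empty string) should be confirmed.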
diff --git a/source/tools/detect/pmu/hw_event/hw_event.c b/source/tools/detect/pmu/hw_event/hw_event.c
index 6b79f5060c86d202330ee0ed64e822129542286d..c8cae93e66f1103a37ae9d713d1bbba370c7c2e5 100644
--- a/source/tools/detect/pmu/hw_event/hw_event.c
+++ b/source/tools/detect/pmu/hw_event/hw_event.c
@@ -169,6 +169,7 @@ int main(int argc, char *argv[])
 path = origpath;
 for (;;) {
 FILE *result;
+ char *ppos;
 c = getopt_long(argc, argv, "c:s:h", NULL, &option_index);
 if (c == -1) break;
@@ -177,6 +178,11 @@ int main(int argc, char *argv[])
 case 'c':
 memset(cmd, 0, sizeof(cmd));
 memset(buffer, 0, sizeof(buffer));
+ ppos = strpbrk(optarg,";\r\n");
+ if (ppos) {
+ printf("The newline and semicolon characters is not allowd in args\n");
+ return -1;
+ }
 snprintf(cmd, sizeof(cmd)-1, "docker inspect --format \"{{ .Id}}\" %s", optarg);
 result = popen(cmd, "r");
diff --git a/source/tools/detect/sched/runlatency/json_dump.c b/source/tools/detect/sched/runlatency/json_dump.c
index ad2a303f86c8c5d7858f8bcf7bc703745e44ee1d..5fa66dfbd804efac9f7152007ecc800c8e9bd8ac 100644
--- a/source/tools/detect/sched/runlatency/json_dump.c
+++ b/source/tools/detect/sched/runlatency/json_dump.c
@@ -49,7 +49,7 @@ int clear_file(char *path)
 int parse_dump(char *file) {
 char *s;
- int ret;
+ int ret = 0;
 FILE *outf = NULL;
 s = malloc(STREAM_SIZE);
diff --git a/source/tools/monitor/mservice/master/modules/mod_percpu.c b/source/tools/monitor/mservice/master/modules/mod_percpu.c
index dd5f3180ee296108d69ad355798c3883e018804e..02f7ed42fd463c160d2cc43910529b7a5d05bc95 100644
--- a/source/tools/monitor/mservice/master/modules/mod_percpu.c
+++ b/source/tools/monitor/mservice/master/modules/mod_percpu.c
@@ -75,6 +75,7 @@ read_percpu_stats(struct module *mod)
 memset(buf, 0, LEN_1M);
 memset(&st_percpu, 0, STATS_PERCPU_SIZE);
 if ((fp = fopen(STAT_PATH, "r")) == NULL) {
+ free(nr_run);
 return;
 }
 memset(nr_run, 0, nr_cpus*sizeof(U_64));
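Review bot: Initialising `ret` to 0 in parse_dump makes success the default result, so any path that leaves through a shared exit without assigning `ret` now reports success rather than an indeterminate value. A failed `malloc(STREAM_SIZE)` on the next line would be such a path if it is handled that way; the handling is outside the hunk. A failure default such as `int ret = -1;`, set to 0 only once the dump has been parsed, keeps an unassigned path from being read as success; adjust the value to the function's error convention.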
diff --git a/source/tools/monitor/raptor/source/ebpf/cfunc.c b/source/tools/monitor/raptor/source/ebpf/cfunc.c
index 374bba3f6e8d4cbc92fb4069b2aa5fdd9221751b..80795f163be57b9e42e91573b5623ccc0c2c9020 100644
--- a/source/tools/monitor/raptor/source/ebpf/cfunc.c
+++ b/source/tools/monitor/raptor/source/ebpf/cfunc.c
@@ -202,7 +202,7 @@ void cgo_ebpf_cleanup_dog(void *key, int32_t size)
 static int print_callback(enum libbpf_print_level level, const char *format, va_list args) {
- int ret;
+ int ret = 0;
 if (env_para.debug) {
 ret = vfprintf(stderr, format, args);
 }
diff --git a/source/tools/monitor/unity/test/lab/kmsg/kmsg.c b/source/tools/monitor/unity/test/lab/kmsg/kmsg.c
index 613fa03cd2a61300dd0b0177d60568cafdb1c4f0..f0b5a5406ff1156842110bf9ac3a9057420debaf 100644
--- a/source/tools/monitor/unity/test/lab/kmsg/kmsg.c
+++ b/source/tools/monitor/unity/test/lab/kmsg/kmsg.c
@@ -67,6 +67,8 @@ int kmsg_thread_func(void) {
 perror("kmsg read2 failed.");
 goto endRead;
 }
+ if (ret == 0)
+ break;
 buff[ret -1] = '\0';
 printf("read: %s\n", buff);
@@ -85,4 +87,4 @@ int kmsg_thread_func(void) {
 int main(void) {
 kmsg_thread_func();
 return 0;
-}
\ No newline at end of file
+}