From 12c8c9f904c6ecd51e3349b8373bf4489850095d Mon Sep 17 00:00:00 2001 From: Hailong Liu Date: Sat, 17 Aug 2024 07:53:40 +0800 Subject: [PATCH 01/12] cfunc: Assign initial values to return variables Signed-off-by: Hailong Liu --- source/tools/monitor/raptor/source/ebpf/cfunc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/tools/monitor/raptor/source/ebpf/cfunc.c b/source/tools/monitor/raptor/source/ebpf/cfunc.c index 374bba3f..80795f16 100644 --- a/source/tools/monitor/raptor/source/ebpf/cfunc.c +++ b/source/tools/monitor/raptor/source/ebpf/cfunc.c @@ -202,7 +202,7 @@ void cgo_ebpf_cleanup_dog(void *key, int32_t size) static int print_callback(enum libbpf_print_level level, const char *format, va_list args) { - int ret; + int ret = 0; if (env_para.debug) { ret = vfprintf(stderr, format, args); } -- Gitee From 0525c6f5b6c3d2feffd26c9ff4761d0343c28da4 Mon Sep 17 00:00:00 2001 From: Hailong Liu Date: Sat, 17 Aug 2024 08:15:03 +0800 Subject: [PATCH 02/12] sysak.c: Verify the validity of parameters Signed-off-by: Hailong Liu --- source/sysak.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/source/sysak.c b/source/sysak.c index 67e0db5d..5529ddd7 100644 --- a/source/sysak.c +++ b/source/sysak.c @@ -258,6 +258,11 @@ static int down_install_ext_tools(const char *tool) char rule[LINE_BUFF_LEN]; char *pstr; + char *ppos = strpbrk(tool,";\r\n"); + if (ppos) { + printf("The newline and semicolon characters is not allowd in args \n"); + return -1; + } sprintf(download_cmd, "wget %s/sysak/ext_tools/%s/%s/rule -P %s &>/dev/null", sysak_components_server, machine, tool, tools_path); //printf("%s ... \n", download_cmd); @@ -330,6 +335,12 @@ static int down_install(const char *component_name) char btf_file[MAX_WORK_PATH_LEN]; int ret = 0; + char *ppos = strpbrk(component_name,";\r\n"); + if (ppos) { + printf("The newline and semicolon characters is not allowd in args \n"); + return -1; + } + if (!get_server_addr()) return -1; -- Gitee From dcf66d206b1ee302678388fbc8a3100913f29cbf Mon Sep 17 00:00:00 2001 From: Hailong Liu Date: Sat, 17 Aug 2024 08:17:09 +0800 Subject: [PATCH 03/12] sysak.c: Fix possible array out-of-bounds Signed-off-by: Hailong Liu --- source/sysak.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/source/sysak.c b/source/sysak.c index 5529ddd7..10390a53 100644 --- a/source/sysak.c +++ b/source/sysak.c @@ -127,8 +127,10 @@ static void kern_release(void) printf("cannot get system version\n"); return; } - strncpy(kern_version, name.release, sizeof(name.release)); - strncpy(machine, name.machine, sizeof(name.machine)); + strncpy(kern_version, name.release, sizeof(kern_version) - 1); + kern_version[sizeof(kern_version) - 1] = '\0'; + strncpy(machine, name.machine, sizeof(machine) - 1); + machine[sizeof(machine) - 1] = '\0'; } static int mod_ctrl(bool enable) @@ -584,9 +586,14 @@ static int exectue(int argc, char *argv[]) if (run_depend[0]) add_python_depend(run_depend, subcmd_name); - else - strncpy(tools_exec, subcmd_name, strlen(subcmd_name)); - + else { + size_t len = strlen(subcmd_name); + if (len >= sizeof(tools_exec)) { + len = sizeof(tools_exec) - 1; + } + strncpy(tools_exec, subcmd_name, len); + tools_exec[len] = '\0'; + } snprintf(subcmd_exec_final, sizeof(subcmd_exec_final), "%s;%s", sysak_work_path, tools_exec); ret = my_system(subcmd_exec_final); if (ret < 0) -- Gitee From c00624d232ada92b8fd4f7c46d11b519d9ed5a64 Mon Sep 17 00:00:00 2001 From: Hailong Liu Date: Sat, 17 Aug 2024 08:19:55 +0800 Subject: [PATCH 04/12] hw_event:Verify the validity of parameters Signed-off-by: Hailong Liu --- source/tools/detect/pmu/hw_event/hw_event.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/source/tools/detect/pmu/hw_event/hw_event.c b/source/tools/detect/pmu/hw_event/hw_event.c index 6b79f506..c8cae93e 100644 --- a/source/tools/detect/pmu/hw_event/hw_event.c +++ b/source/tools/detect/pmu/hw_event/hw_event.c @@ -169,6 +169,7 @@ int main(int argc, char *argv[]) path = origpath; for (;;) { FILE *result; + char *ppos; c = getopt_long(argc, argv, "c:s:h", NULL, &option_index); if (c == -1) break; @@ -177,6 +178,11 @@ int main(int argc, char *argv[]) case 'c': memset(cmd, 0, sizeof(cmd)); memset(buffer, 0, sizeof(buffer)); + ppos = strpbrk(optarg,";\r\n"); + if (ppos) { + printf("The newline and semicolon characters is not allowd in args\n"); + return -1; + } snprintf(cmd, sizeof(cmd)-1, "docker inspect --format \"{{ .Id}}\" %s", optarg); result = popen(cmd, "r"); -- Gitee From 6aa1662a48a8d681c8f81aadea867c27517a0e92 Mon Sep 17 00:00:00 2001 From: Hailong Liu Date: Sat, 17 Aug 2024 08:21:36 +0800 Subject: [PATCH 05/12] kcore_utils.c: Fix possible array out-of-bounds Signed-off-by: Hailong Liu --- source/lib/uapi/kcore_utils.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/lib/uapi/kcore_utils.c b/source/lib/uapi/kcore_utils.c index e58b45c2..0471bc02 100644 --- a/source/lib/uapi/kcore_utils.c +++ b/source/lib/uapi/kcore_utils.c @@ -249,7 +249,7 @@ static int download_btf() strcat(sysak_path, kernel); } - snprintf(dw, LEN + LEN + LEN, "wget -T 5 -t 2 -q -O %s/vmlinux-%s https://sysom-cn-%s.oss-cn-%s%s.aliyuncs.com/home/hive/btf/%s/vmlinux-%s", sysak_path, kernel, ®ion[3],®ion[3], timeout,arch, kernel); + snprintf(dw, sizeof(dw), "wget -T 5 -t 2 -q -O %s/vmlinux-%s https://sysom-cn-%s.oss-cn-%s%s.aliyuncs.com/home/hive/btf/%s/vmlinux-%s", sysak_path, kernel, ®ion[3],®ion[3], timeout,arch, kernel); do_cmd(dw, kernel, LEN); return 0; @@ -292,4 +292,4 @@ char *prepare_btf_file() } return btf; -} \ No newline at end of file +} -- Gitee From 7d88b0dbad5bfe947851c24223c31f8e24990664 Mon Sep 17 00:00:00 2001 From: Hailong Liu Date: Sat, 17 Aug 2024 08:22:53 +0800 Subject: [PATCH 06/12] pidComm.c: Fix possible array out-of-bounds Signed-off-by: Hailong Liu --- source/lib/uapi/pidComm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/lib/uapi/pidComm.c b/source/lib/uapi/pidComm.c index ef4c7337..e46fae3a 100644 --- a/source/lib/uapi/pidComm.c +++ b/source/lib/uapi/pidComm.c @@ -85,8 +85,8 @@ static inline int get_con_cgpath_bypid(char *subpath, long pid, const char* cg, if (!fp) return errno; - memset(buf_512, 0, 1024); - while(fgets(buf_512, 1024, fp)) { + memset(buf_512, 0, sizeof(buf_512)); + while(fgets(buf_512, sizeof(buf_512), fp)) { size_t len; char *token; if((token = strstr(buf_512, cg)) != NULL) { -- Gitee From cda84d0df949d0801d9b48be07fa8aafece57f1a Mon Sep 17 00:00:00 2001 From: Hailong Liu Date: Sat, 17 Aug 2024 08:24:20 +0800 Subject: [PATCH 07/12] mservice/mod_percpu: Fix leaks from allocation without freeing Signed-off-by: Hailong Liu --- source/tools/monitor/mservice/master/modules/mod_percpu.c | 1 + 1 file changed, 1 insertion(+) diff --git a/source/tools/monitor/mservice/master/modules/mod_percpu.c b/source/tools/monitor/mservice/master/modules/mod_percpu.c index dd5f3180..02f7ed42 100644 --- a/source/tools/monitor/mservice/master/modules/mod_percpu.c +++ b/source/tools/monitor/mservice/master/modules/mod_percpu.c @@ -75,6 +75,7 @@ read_percpu_stats(struct module *mod) memset(buf, 0, LEN_1M); memset(&st_percpu, 0, STATS_PERCPU_SIZE); if ((fp = fopen(STAT_PATH, "r")) == NULL) { + free(nr_run); return; } memset(nr_run, 0, nr_cpus*sizeof(U_64)); -- Gitee From 2973dab8802e1aa0e8058c0f8781c5b9cc8a10b2 Mon Sep 17 00:00:00 2001 From: Hailong Liu Date: Sat, 17 Aug 2024 08:25:31 +0800 Subject: [PATCH 08/12] runlatency: Assign initial values to return variables Signed-off-by: Hailong Liu --- source/tools/detect/sched/runlatency/json_dump.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/tools/detect/sched/runlatency/json_dump.c b/source/tools/detect/sched/runlatency/json_dump.c index ad2a303f..5fa66dfb 100644 --- a/source/tools/detect/sched/runlatency/json_dump.c +++ b/source/tools/detect/sched/runlatency/json_dump.c @@ -49,7 +49,7 @@ int clear_file(char *path) int parse_dump(char *file) { char *s; - int ret; + int ret = 0; FILE *outf = NULL; s = malloc(STREAM_SIZE); -- Gitee From c0305224bad019bd17c03dff895310a872d2ac45 Mon Sep 17 00:00:00 2001 From: Hailong Liu Date: Sat, 17 Aug 2024 08:27:41 +0800 Subject: [PATCH 09/12] sysak.c: Fix leak of file handle Signed-off-by: Hailong Liu --- source/sysak.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/source/sysak.c b/source/sysak.c index 10390a53..95ba3564 100644 --- a/source/sysak.c +++ b/source/sysak.c @@ -222,12 +222,16 @@ static bool get_module_tag(void) pstr += strlen("sysak_module_tag="); strcpy(module_tag, pstr); strim(module_tag); - if (strlen(module_tag) == 0) + if (strlen(module_tag) == 0) { + fclose(fp); return false; + } + fclose(fp); return true; } } + fclose(fp); return false; } -- Gitee From 91b252e2a758b513ef0937fe0bfda3c8b8acc455 Mon Sep 17 00:00:00 2001 From: Hailong Liu Date: Sat, 17 Aug 2024 08:28:43 +0800 Subject: [PATCH 10/12] syshung_detector: Fix leak of file handle Signed-off-by: Hailong Liu --- .../tools/detect/generic/syshung_detector/syshung_detector.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source/tools/detect/generic/syshung_detector/syshung_detector.c b/source/tools/detect/generic/syshung_detector/syshung_detector.c index 2e1168ff..da44eca2 100644 --- a/source/tools/detect/generic/syshung_detector/syshung_detector.c +++ b/source/tools/detect/generic/syshung_detector/syshung_detector.c @@ -165,6 +165,7 @@ static bool load_detect(char *path) if ((long)load_avg_1 >= (LOAD_CPUS_SCALE * smp_num_cpus) / 2){ g_syshung.hung_class = NORMAL_FAULT; g_syshung.event = HU_HIGHLOAD; + fclose(fp); return TRUE; } fclose(fp); @@ -185,7 +186,7 @@ static int calc_taskcount(char *path,int *count) if (strstr(buf,"Name:")) *count++; } - + fclose(fp); } static bool dztask_detect(void) @@ -436,6 +437,7 @@ static int data_storage(char *src, char *dst) fp_dst = fopen(dst, "a+"); if (!fp_dst){ + fclose(fp_src); printf("open %s failed\n", dst); return -1; } -- Gitee From 3cc11b6c9e28e5208dc3a049dd84661eaea74604 Mon Sep 17 00:00:00 2001 From: Hailong Liu Date: Sat, 17 Aug 2024 08:32:40 +0800 Subject: [PATCH 11/12] test/kmsg: Fix possible array out-of-bounds Signed-off-by: Hailong Liu --- source/tools/monitor/unity/test/lab/kmsg/kmsg.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source/tools/monitor/unity/test/lab/kmsg/kmsg.c b/source/tools/monitor/unity/test/lab/kmsg/kmsg.c index 613fa03c..f0b5a540 100644 --- a/source/tools/monitor/unity/test/lab/kmsg/kmsg.c +++ b/source/tools/monitor/unity/test/lab/kmsg/kmsg.c @@ -67,6 +67,8 @@ int kmsg_thread_func(void) { perror("kmsg read2 failed."); goto endRead; } + if (ret == 0) + break; buff[ret -1] = '\0'; printf("read: %s\n", buff); @@ -85,4 +87,4 @@ int kmsg_thread_func(void) { int main(void) { kmsg_thread_func(); return 0; -} \ No newline at end of file +} -- Gitee From f04090e520b9b1cac22852252299444dd2e49ff7 Mon Sep 17 00:00:00 2001 From: Hailong Liu Date: Sat, 17 Aug 2024 08:33:40 +0800 Subject: [PATCH 12/12] tcpping: Check the validity of parameters Signed-off-by: Hailong Liu --- source/tools/detect/net/tcpping/src/tcpping.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source/tools/detect/net/tcpping/src/tcpping.c b/source/tools/detect/net/tcpping/src/tcpping.c index f1ae7556..c2dc9ac1 100644 --- a/source/tools/detect/net/tcpping/src/tcpping.c +++ b/source/tools/detect/net/tcpping/src/tcpping.c @@ -593,6 +593,8 @@ static int para_parse(int argc, char **argv) trace_para.delay = atoi(optarg); break; case 'u': + if (!is_number(optarg)) + return -1; trace_para.cpu = atoi(optarg); break; -- Gitee