INTERNAL: do_lqdetect_write method simple #790
Conversation
cheesecrust
force-pushed
the
internal/do_lqdetect_write
branch
from
bd7f5f0 to
75eead7
Compare
cheesecrust
force-pushed
the
internal/do_lqdetect_write
branch
from
75eead7 to
6134867
Compare
|
@cheesecrust rebaseํด ์ฃผ์ธ์. |
cheesecrust
force-pushed
the
internal/do_lqdetect_write
branch
2 times, most recently
from
f0f3686 to
95c243f
Compare
lqdetect.c
Outdated
| snprintf(bufptr, length, "%s %s\n", keyptr, arg->query); | ||
| nwrite += strlen(bufptr); | ||
| buffer->offset += nwrite; | ||
| buffer->offset += snprintf(buffer->data + buffer->offset, length - buffer->offset, "%s %s\n", keyptr, arg->query); |
There was a problem hiding this comment.
์๋์ ๊ฐ์ด ํ์์ฃ .
- length ๊ฐ ์กฐ์
- indentation์ ์๋ ์ฝ๋์ ๊ฐ์ด
gettimeofday(&val, NULL);
ptm = localtime(&val.tv_sec);
length = ((nsaved+1) * LQ_INPUT_SIZE);
buffer->offset += snprintf(buffer->data + buffer->offset, length - buffer->offset,
"%02d:%02d:%02d.%06ld %s <%u> %s ",
ptm->tm_hour, ptm->tm_min, ptm->tm_sec, (long)val.tv_usec,
client_ip, arg->overhead, command_str[cmd]);
buffer->keypos[nsaved] = buffer->offset;
buffer->keylen[nsaved] = keylen;
buffer->offset += snprintf(buffer->data + buffer->offset, length - buffer->offset,
"%s %s\n", keyptr, arg->query);
lqdetect.arg[cmd][nsaved] = *arg;
buffer->nsaved += 1;
cheesecrust
force-pushed
the
internal/do_lqdetect_write
branch
4 times, most recently
from
c573f16 to
b2893d3
Compare
cheesecrust
force-pushed
the
internal/do_lqdetect_write
branch
3 times, most recently
from
3f4b5dc to
2b755cb
Compare
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
lqdetect.c
Outdated
| @@ -103,7 +103,7 @@ static bool is_command_duplicated(char *key, int keylen, enum lq_detect_command | |||
| case LQCMD_MOP_GET: | |||
| case LQCMD_SOP_GET: | |||
| for (int ii = 0; ii < count; ii++) { | |||
| if (strcmp(lqdetect.arg[cmd][ii].query, arg->query) == 0) { | |||
| if (buf->keylen[ii] > 0 && strcmp(lqdetect.arg[cmd][ii].query, arg->query) == 0) { | |||
There was a problem hiding this comment.
keylen > 0 ํ์ธํ๋ ์ด์ ๊ฐ ๋ฌด์์ธ๊ฐ์?
There was a problem hiding this comment.
- ๋ก๊ทธ๊ฐ ๋ค ์ ์จ์ก์ ๊ฒฝ์ฐ(ํค, ์ฟผ๋ฆฌ ๋ชจ๋ ํฌํจ)์ ํด๋น ์์์ keylen์ -1 ๋ก ์ด๊ธฐํ ์์ผ ๋์ณค๋ค๋ ๊ฒ์ ํํํ๊ณ ์์ต๋๋ค.
- ์์ ํ์ง ๋ชปํ ๋ผ์ธ์ ๋ํด์๋ ๋น๊ต๋ฅผ ํด์๋ ์๋๋ค๊ณ ์๊ฐํ์ฌ ์๋ฒฝํ์ง ๋ชปํ ๋ผ์ธ์ ๋์ด๊ฐ๊ธฐ ์ํด ์ถ๊ฐํ์์ต๋๋ค.
There was a problem hiding this comment.
snprintf์์ overflow ๋ฐ์ํ๋ ๊ฒฝ์ฐ์๋ ์ฌ๊ธฐ๋ฟ๋ง ์๋๋ผ lqdetect show ๋ช
๋ น ๋ฑ์์๋ ๋ฌธ์ ๊ฐ ๋ฐ์ํ๊ฒ ๋ฉ๋๋ค.
์๋ ํญ๋ชฉ์ ์ถฉ๋ถํ ํ์ธํ๊ณ ๊ณต์ ํด ์ฃผ๊ธฐ ๋ฐ๋๋๋ค.
์ด์ ๊ด๋ จํ ์์ ์ ๋ค๋ฅธ PR๋ก ์ฒ๋ฆฌํ๋ ๊ฒ์ด ๋์ ๊ฒ ๊ฐ์ต๋๋ค.
AS-IS
- lqdetect_write ๋์ค snprintf์์ overflow ๋ฐ์ํ ๊ฒฝ์ฐ ๋ฌธ์ ๊ฐ ์๊ธธ ์ ์๋ ๋ถ๋ถ๋ค
- ๊ธฐ์กด ์ฝ๋ ๊ธฐ์ค overflow ๋ฐ์ํ๋ฉด ์ด๋ป๊ฒ ๋์ํ๋์ง?
TO-BE
- ๊ตฌํ์ ์ด๋ป๊ฒ ์์ ํด์ผ ํ๋์ง (์ฌ๋ฌ ๊ตฌํ ๋ฐฉ์์ด ์์ํ ๋ฐ, ๊ทธ ์ค ๋ซ๋ค๊ณ ์๊ฐํ๋ ๋ฐฉ์๊ณผ ๊ทธ ์ด์ )
- ์์ ํ๋ฉด, ์ด์ ์ ๋ฌธ์ ๋ฐ์ํ๋ ์ํฉ์์ ์ด๋ป๊ฒ ๋์ํ๊ฒ ๋๋์ง
This comment was marked as off-topic.
This comment was marked as off-topic.
|
์๋์ ๊ฐ์ด ํฉ์๋ค. static void do_lqdetect_write(char *client_ip, char *key,
enum lq_detect_command cmd, struct lq_detect_argument *arg)
{
struct tm *ptm;
struct timeval val;
struct lq_detect_buffer *buffer = &lqdetect.buffer[cmd];
uint32_t nsaved = buffer->nsaved;
uint32_t length, keylen = strlen(key);
char keybuf[251];
char *keyptr = key;
if (keylen > 250) { /* long key string */
keylen = snprintf(keybuf, sizeof(keybuf), "%.*s...%.*s",
124, key, 123, (key+keylen-123));
keyptr = keybuf;
}
if (is_command_duplicated(keyptr, keylen, cmd, arg) == true) {
return;
}
gettimeofday(&val, NULL);
ptm = localtime(&val.tv_sec);
length = ((nsaved+1) * LQ_INPUT_SIZE);
snprintf(buffer->data + buffer->offset, length - buffer->offset,
"%02d:%02d:%02d.%06ld %s <%u> %s ",
ptm->tm_hour, ptm->tm_min, ptm->tm_sec, (long)val.tv_usec,
client_ip, arg->overhead, command_str[cmd]);
buffer->offset += strlen(buffer->data + buffer->offset);
buffer->keypos[nsaved] = buffer->offset;
buffer->keylen[nsaved] = keylen;
snprintf(buffer->data + buffer->offset, length - buffer->offset,
"%s %s\n", keyptr, arg->query);
buffer->offset += strlen(buffer->data + buffer->offset);
lqdetect.arg[cmd][nsaved] = *arg;
buffer->nsaved += 1;
} |
|
@jhpark816 ์ ๋ถ๋ถ์์ ๋ง์ผ overflow๊ฐ ๋ฐ์ํ๊ฒ ๋๋ค๋ฉด '\n'์ด ์
๋ ฅ๋์ง ์์ ๊ทธ ๋ค์ ๋ผ์ธ์ ์์ผํ ๋ผ์ธ์ด ์ด์ด ๋ถ๊ฒ๋ ๊ฒ ์
๋๋ค. buffer->offset += snprintf(buffer->data + buffer->offset, length - buffer->offset, ...);
buffer->offset += snprintf(buffer->data + buffer->offset, (length - buffer->offset) > 0 ? (length - buffer->offset) : 0, ...)
if (buffer->offset >= length) {
buffer->offset = length - 1;
buffer->data[buffer->offset - 1] = '\n';
} |
|
@namsic ์์ ์ฝ๋ฉํธ๋ฅผ ๋ฆฌ๋ทฐํด ์ฃผ์ธ์. |
keypos์ keylen ๊ด๋ จ ๋ณ๊ฒฝ์ ์ด๋ป๊ฒ ๋๋์?
snprintf์ overflow ๊ด๋ จ ๋ณ๊ฒฝ์ ๋
ผ์๊ฐ ๊ธธ์ด์ง ๊ฒ ๊ฐ์ ์ด๋ฒ PR์์ ์ ์ธํ๊ณ |
์ด๋ฒ PR์์๋ ๋์์ ์ ํ์ฑ๋ง ๋ณด์ฅ๋๋ฉด ๋ฉ๋๋ค. |
cheesecrust
force-pushed
the
internal/do_lqdetect_write
branch
from
2b755cb to
198a9da
Compare
๐ Related Issue
โจ๏ธ What I did
์ ์ด์์ ๋ง์ถ์ด ์ ๋ ฅ ๊ฐ๋ฅํ ๋ฒํผ์ ๊ณต๊ฐ ๋ณด๋ค ํฐ ์ ๋ ฅ์ด ๋ค์ด์์๋์ ์ฒ๋ฆฌ๋ฅผ ํฌํจํ์์ต๋๋ค.