From owner-freebsd-current@FreeBSD.ORG  Thu Apr 29 15:19:38 2010
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D25491065676;
	Thu, 29 Apr 2010 15:19:38 +0000 (UTC)
	(envelope-from bright@elvis.mu.org)
Received: from elvis.mu.org (elvis.mu.org [192.203.228.196])
	by mx1.freebsd.org (Postfix) with ESMTP id B36148FC23;
	Thu, 29 Apr 2010 15:19:38 +0000 (UTC)
Received: by elvis.mu.org (Postfix, from userid 1192)
	id 7E9191A3FBC; Thu, 29 Apr 2010 08:19:33 -0700 (PDT)
Date: Thu, 29 Apr 2010 08:19:33 -0700
From: Alfred Perlstein <alfred@freebsd.org>
To: John Baldwin <jhb@freebsd.org>
Message-ID: <20100429151933.GI36233@elvis.mu.org>
References: <20100428171840.GS35381@elvis.mu.org>
	<201004290740.43355.jhb@freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <201004290740.43355.jhb@freebsd.org>
User-Agent: Mutt/1.4.2.3i
Cc: freebsd-current@freebsd.org
Subject: Re: fixes for enhanced coredump
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Apr 2010 15:19:39 -0000

* John Baldwin <jhb@freebsd.org> [100429 05:46] wrote:
> On Wednesday 28 April 2010 1:18:40 pm Alfred Perlstein wrote:
> > I was recently working on the enhanced coredumps
> > internal to Juniper and realized that there were
> > some defects in the code I pushed (mostly due to
> > mismerge), can someone please review?
> > 
> > 1) don't allocate hostname[] on the stack 
> > 2) don't leak the temp buffer in imgact_elf_coredump.
> 
> Doesn't this leak hostname?  I don't see it being free'd anywhere.

Thank you, I missed bringing that line over from JUNOS.

-Alfred

> 
> > thank you,
> > -Alfred
> > 
> > 
> > Index: kern/kern_sig.c
> > ===================================================================
> > --- kern/kern_sig.c	(revision 207329)
> > +++ kern/kern_sig.c	(working copy)
> > @@ -3004,8 +3004,9 @@
> >  	char *temp;
> >  	size_t i;
> >  	int indexpos;
> > -	char hostname[MAXHOSTNAMELEN];
> > +	char *hostname;
> >  	
> > +	hostname = NULL;
> >  	format = corefilename;
> >  	temp = malloc(MAXPATHLEN, M_TEMP, M_NOWAIT | M_ZERO);
> >  	if (temp == NULL)
> > @@ -3021,6 +3022,19 @@
> >  				sbuf_putc(&sb, '%');
> >  				break;
> >  			case 'H':	/* hostname */
> > +				if (hostname == NULL) {
> > +					hostname = malloc(MAXHOSTNAMELEN,
> > +					    M_TEMP, M_NOWAIT);
> > +					if (hostname == NULL) {
> > +						log(LOG_ERR,
> > +						    "pid %ld (%s), uid (%lu): "
> > +						    "unable to alloc memory "
> > +						    "for corefile hostname\n",
> > +						    (long)pid, name,
> > +						    (u_long)uid);
> > +                                                goto nomem;
> > +                                        }
> > +                                }
> >  				getcredhostname(td->td_ucred, hostname,
> >  				    sizeof(hostname));
> >  				sbuf_printf(&sb, "%s", hostname);
> > @@ -3054,9 +3068,10 @@
> >  	}
> >  #endif
> >  	if (sbuf_overflowed(&sb)) {
> > -		sbuf_delete(&sb);
> >  		log(LOG_ERR, "pid %ld (%s), uid (%lu): corename is too "
> >  		    "long\n", (long)pid, name, (u_long)uid);
> > +nomem:
> > +		sbuf_delete(&sb);
> >  		free(temp, M_TEMP);
> >  		return (NULL);
> >  	}
> > Index: kern/imgact_elf.c
> > ===================================================================
> > --- kern/imgact_elf.c	(revision 207329)
> > +++ kern/imgact_elf.c	(working copy)
> > @@ -1088,8 +1088,10 @@
> >  	hdrsize = 0;
> >  	__elfN(puthdr)(td, (void *)NULL, &hdrsize, seginfo.count);
> >  
> > -	if (hdrsize + seginfo.size >= limit)
> > -		return (EFAULT);
> > +	if (hdrsize + seginfo.size >= limit) {
> > +		error = EFAULT;
> > +		goto done;
> > +	}
> >  
> >  	/*
> >  	 * Allocate memory for building the header, fill it up,
> > @@ -1097,7 +1099,8 @@
> >  	 */
> >  	hdr = malloc(hdrsize, M_TEMP, M_WAITOK);
> >  	if (hdr == NULL) {
> > -		return (EINVAL);
> > +		error = EINVAL;
> > +		goto done;
> >  	}
> >  	error = __elfN(corehdr)(td, vp, cred, seginfo.count, hdr, hdrsize,
> >  	    gzfile);
> > @@ -1125,8 +1128,8 @@
> >  		    curproc->p_comm, error);
> >  	}
> >  
> > +done:
> >  #ifdef COMPRESS_USER_CORES
> > -done:
> >  	if (core_buf)
> >  		free(core_buf, M_TEMP);
> >  	if (gzfile)
> > -- 
> > - Alfred Perlstein
> > .- AMA, VMOA #5191, 03 vmax, 92 gs500, 85 ch250, 07 zx10
> > .- FreeBSD committer
> > _______________________________________________
> > freebsd-current@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-current
> > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
> > 
> 
> -- 
> John Baldwin

-- 
- Alfred Perlstein
.- AMA, VMOA #5191, 03 vmax, 92 gs500, 85 ch250, 07 zx10
.- FreeBSD committer