Date: Thu, 19 Mar 2015 03:58:26 +0000 (UTC)
From: Adrian Chadd <adrian@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r280239 - head/sys/geom
Message-ID: <201503190358.t2J3wQFO085788@svn.freebsd.org>
Author: adrian
Date: Thu Mar 19 03:58:25 2015
New Revision: 280239
URL: https://svnweb.freebsd.org/changeset/base/280239

Log:
  Fix the label search routine in geom_map to not trip up on '\0' bytes.

  * Just do the buf check early and fail out
  * If the offset being searched is:

  00110000 00 b5 7e 45 61 e2 76 d3 c1 78 dd 15 95 cd 1f f1 |..~Ea.v..x......|

  .. and the match string is '.!/bin/sh'

  .. then it'll set the match string[0] to '\0', do a strncmp() against
  the read buffer, find it's matching two zero-length strings, and think
  that's where to start.

  MFC after: 2 weeks

Modified:
  head/sys/geom/geom_map.c

Modified: head/sys/geom/geom_map.c ============================================================================== --- head/sys/geom/geom_map.c Thu Mar 19 01:40:43 2015 (r280238) +++ head/sys/geom/geom_map.c Thu Mar 19 03:58:25 2015 (r280239) @@ -171,6 +171,13 @@ find_marker(struct g_consumer *cp, const roundup(strlen(search_key), sectorsize), NULL); g_topology_lock(); + /* + * Don't bother doing the rest if buf==NULL; eg derefencing + * to assemble 'key'. + */ + if (buf == NULL) + continue; + /* Wildcard, replace '.' with byte from data */ /* TODO: add support wildcard escape '\.' */ @@ -183,7 +190,8 @@ find_marker(struct g_consumer *cp, const } } - if (buf != NULL && strncmp(buf + search_offset % sectorsize, + /* Assume buf != NULL here */ + if (memcmp(buf + search_offset % sectorsize, key, strlen(search_key)) == 0) { g_free(buf); /* Marker found, so return their offset */
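
Review bot: The new `if (buf == NULL) continue;` in the first hunk (@@ -171,6 +171,13 @@) silently skips a failed read, so a provider that fails every read is indistinguishable from one that simply has no marker. Consider logging the failure, or breaking out with an error, instead of continuing the scan. The added comment also misspells "dereferencing" and would be clearer as "buf is dereferenced below to assemble 'key'".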
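
Review bot: In the second hunk (@@ -183,7 +190,8 @@) memcmp() always reads strlen(search_key) bytes starting at `buf + search_offset % sectorsize`, whereas strncmp() stopped at the first NUL. The length visible in the first hunk's context is `roundup(strlen(search_key), sectorsize)`; if buf holds exactly that many bytes, a non-zero `search_offset % sectorsize` near the end of a sector lets the compare run past the buffer. Suggest checking that `search_offset % sectorsize + strlen(search_key)` fits in the length that was read before comparing. The "Assume buf != NULL here" comment would be stronger as a KASSERT.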
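
The false match described in the commit log, reproduced in userland as an added example (not code from the commit or from geom_map.c). The helper names `assemble_key`, `match_strncmp` and `match_memcmp`, the 64-byte key buffer and the `script` buffer are assumptions made for illustration; `sample` holds the 16 bytes quoted in the log.

```c
#include <stdio.h>
#include <string.h>

/* The 16 bytes at offset 0x00110000 quoted in the commit log. */
static const unsigned char sample[16] = {
	0x00, 0xb5, 0x7e, 0x45, 0x61, 0xe2, 0x76, 0xd3,
	0xc1, 0x78, 0xdd, 0x15, 0x95, 0xcd, 0x1f, 0xf1
};
/* Constructed buffer that really does start with a shell marker. */
static const unsigned char script[16] = "#!/bin/sh\n";

/* Hypothetical helper: build the key as the log describes, replacing each
 * '.' wildcard with the data byte at that position (search_key < 64 bytes). */
static void assemble_key(char *key, const char *search_key,
    const unsigned char *data)
{
	size_t i, len = strlen(search_key);

	for (i = 0; i < len; i++)
		key[i] = (search_key[i] == '.') ? (char)data[i] : search_key[i];
	key[len] = '\0';
}

/* Pre-fix comparison: strncmp() stops at the first NUL in either operand. */
static int match_strncmp(const unsigned char *data, const char *search_key)
{
	char key[64];

	assemble_key(key, search_key, data);
	return (strncmp((const char *)data, key, strlen(search_key)) == 0);
}

/* Post-fix comparison: memcmp() compares all strlen(search_key) bytes. */
static int match_memcmp(const unsigned char *data, const char *search_key)
{
	char key[64];

	assemble_key(key, search_key, data);
	return (memcmp(data, key, strlen(search_key)) == 0);
}

int main(void)
{
	printf("sample: strncmp=%d memcmp=%d\n",
	    match_strncmp(sample, ".!/bin/sh"), match_memcmp(sample, ".!/bin/sh"));
	return (0);
}
```

On `sample` the wildcard copies the leading 0x00 into the key, so strncmp() compares two empty strings and reports a match, while memcmp() goes on to compare 0xb5 against '!' and rejects it.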