From owner-svn-src-all@FreeBSD.ORG Thu Mar 19 03:58:27 2015 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 138FC84D; Thu, 19 Mar 2015 03:58:27 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id F3218D8F; Thu, 19 Mar 2015 03:58:26 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t2J3wQxf085789; Thu, 19 Mar 2015 03:58:26 GMT (envelope-from adrian@FreeBSD.org) Received: (from adrian@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t2J3wQFO085788; Thu, 19 Mar 2015 03:58:26 GMT (envelope-from adrian@FreeBSD.org) Message-Id: <201503190358.t2J3wQFO085788@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: adrian set sender to adrian@FreeBSD.org using -f From: Adrian Chadd Date: Thu, 19 Mar 2015 03:58:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r280239 - head/sys/geom X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2015 03:58:27 -0000 Author: adrian Date: Thu Mar 19 03:58:25 2015 New Revision: 280239 URL: https://svnweb.freebsd.org/changeset/base/280239 Log: Fix the label search routine in geom_map to not trip up on '\0' bytes. * Just do the buf check early and fail out * If the offset being searched is: 00110000 00 b5 7e 45 61 e2 76 d3 c1 78 dd 15 95 cd 1f f1 |..~Ea.v..x......| .. and the match string is '.!/bin/sh' .. then it'll set the match string[0] to '\0', do a strncmp() against the read buffer, find it's matching two zero-length strings, and think that's where to start. MFC after: 2 weeks Modified: head/sys/geom/geom_map.c Modified: head/sys/geom/geom_map.c ============================================================================== --- head/sys/geom/geom_map.c Thu Mar 19 01:40:43 2015 (r280238) +++ head/sys/geom/geom_map.c Thu Mar 19 03:58:25 2015 (r280239) @@ -171,6 +171,13 @@ find_marker(struct g_consumer *cp, const roundup(strlen(search_key), sectorsize), NULL); g_topology_lock(); + /* + * Don't bother doing the rest if buf==NULL; eg derefencing + * to assemble 'key'. + */ + if (buf == NULL) + continue; + /* Wildcard, replace '.' with byte from data */ /* TODO: add support wildcard escape '\.' */ @@ -183,7 +190,8 @@ find_marker(struct g_consumer *cp, const } } - if (buf != NULL && strncmp(buf + search_offset % sectorsize, + /* Assume buf != NULL here */ + if (memcmp(buf + search_offset % sectorsize, key, strlen(search_key)) == 0) { g_free(buf); /* Marker found, so return their offset */