Date: Sun, 13 Apr 2003 15:34:25 +0200
From: Johan Karlsson
To: FreeBSD-audit
Message-ID: <20030413133425.GC11752@numeri.campus.luth.se>
Subject: makeing sbin/kld* WARNS=5 clean and some style(9) cleanup

Hi audit-gang

I intend to commit the attached two patches. The first one makes
sbin/kld* WARNS=5 clean and marks them as that in the makefiles.

The second patch makes them more style(9) conformant.
It makes pointer assignment/comparisons use NULL instead of 0.

Any objections?

/Johan K

--
Johan Karlsson mailto:johan@FreeBSD.org

Content-Disposition: attachment; filename="kld.diff"

Index: sbin/kldconfig/Makefile =================================================================== RCS file: /home/ncvs/src/sbin/kldconfig/Makefile,v retrieving revision 1.2 diff -u -r1.2 Makefile --- sbin/kldconfig/Makefile 4 Dec 2001 02:19:49 -0000 1.2 +++ sbin/kldconfig/Makefile 13 Apr 2003 12:17:11 -0000 @@ -28,5 +28,6 @@ PROG= kldconfig MAN= kldconfig.8 +WARNS?= 5 .include Index: sbin/kldload/Makefile =================================================================== RCS file: /home/ncvs/src/sbin/kldload/Makefile,v retrieving revision 1.9 diff -u -r1.9 Makefile --- sbin/kldload/Makefile 4 Dec 2001 02:19:49 -0000 1.9 +++ sbin/kldload/Makefile 13 Apr 2003 12:16:50 -0000 
@@ -28,5 +28,6 @@ PROG= kldload MAN= kldload.8 +WARNS?= 5 .include Index: sbin/kldstat/Makefile =================================================================== RCS file: /home/ncvs/src/sbin/kldstat/Makefile,v retrieving revision 1.8 diff -u -r1.8 Makefile --- sbin/kldstat/Makefile 4 Dec 2001 02:19:49 -0000 1.8 +++ sbin/kldstat/Makefile 13 Apr 2003 11:30:20 -0000 @@ -27,7 +27,7 @@ # PROG= kldstat -WARNS= 0 MAN= kldstat.8 +WARNS?= 5 .include Index: sbin/kldstat/kldstat.c =================================================================== RCS file: /home/ncvs/src/sbin/kldstat/kldstat.c,v retrieving revision 1.9 diff -u -r1.9 kldstat.c --- sbin/kldstat/kldstat.c 1 Jul 2000 07:57:28 -0000 1.9 +++ sbin/kldstat/kldstat.c 13 Apr 2003 13:12:29 -0000 @@ -30,6 +30,7 @@ #endif /* not lint */ #include +#include #include #include #include @@ -65,8 +66,9 @@ if (kldstat(fileid, &stat) < 0) warn("can't stat file id %d", fileid); else - printf("%2d %4d %p %-8x %s\n", - stat.id, stat.refs, stat.address, stat.size, stat.name); + printf("%2d %4d %p %-8jx %s\n", + stat.id, stat.refs, stat.address, (uintmax_t)stat.size, + stat.name); if (verbose) { printf("\tContains modules:\n"); Index: sbin/kldunload/Makefile =================================================================== RCS file: /home/ncvs/src/sbin/kldunload/Makefile,v retrieving revision 1.8 diff -u -r1.8 Makefile --- sbin/kldunload/Makefile 4 Dec 2001 02:19:49 -0000 1.8 +++ sbin/kldunload/Makefile 13 Apr 2003 11:30:04 -0000 @@ -27,7 +27,7 @@ # PROG= kldunload -WARNS= 0 MAN= kldunload.8 +WARNS?= 5 .include Index: sbin/kldunload/kldunload.c =================================================================== RCS file: /home/ncvs/src/sbin/kldunload/kldunload.c,v retrieving revision 1.10 diff -u -r1.10 kldunload.c --- sbin/kldunload/kldunload.c 8 Sep 1999 05:46:47 -0000 1.10 +++ sbin/kldunload/kldunload.c 13 Apr 2003 13:13:41 -0000 
@@ -76,7 +76,7 @@ argc--; } - if (argc != 0 || fileid && filename) + if (argc != 0 || (fileid && filename)) usage(); if (fileid == 0 && filename == 0) --Fba/0zbH8Xs+Fj9o Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="kld.diff2" --- sbin/kldconfig/kldconfig.c Sun Apr 13 15:12:57 2003 +++ sbin/kldconfig/kldconfig.c.new Sun Apr 13 15:13:03 2003 @@ -142,7 +142,7 @@ if (sysctl(mib, miblen, NULL, NULL, newpath, strlen(newpath)+1) == -1) err(1, "setting path: sysctl(%s)", pathctl); - if (modpath) + if (modpath != NULL) free(modpath); modpath = newpath; } --- sbin/kldstat/kldstat.c Sun Apr 13 15:12:29 2003 +++ sbin/kldstat/kldstat.c.new Sun Apr 13 15:12:40 2003 @@ -92,7 +92,7 @@ int c; int verbose = 0; int fileid = 0; - char* filename = 0; + char* filename = NULL; while ((c = getopt(argc, argv, "i:n:v")) != -1) switch (c) { @@ -114,13 +114,13 @@ if (argc != 0) usage(); - if (filename) { + if (filename != NULL) { if ((fileid = kldfind(filename)) < 0) err(1, "can't find file %s", filename); } printf("Id Refs Address%*c Size Name\n", POINTER_WIDTH - 7, ' '); - if (fileid) + if (fileid != 0) printfile(fileid, verbose); else for (fileid = kldnext(0); fileid > 0; fileid = kldnext(fileid)) --- sbin/kldunload/kldunload.c Sun Apr 13 15:13:41 2003 +++ sbin/kldunload/kldunload.c.new Sun Apr 13 13:37:19 2003 @@ -50,7 +50,7 @@ int c; int verbose = 0; int fileid = 0; - char* filename = 0; + char* filename = NULL; while ((c = getopt(argc, argv, "i:n:v")) != -1) switch (c) { 
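Review bot: the declaration in this kldunload.c hunk is still written `char* filename = NULL;`, with the asterisk attached to the type. Since this is a style(9) pass and the line is already being changed, write it as `char *filename = NULL;`, and do the same for the identical line in the kldstat.c hunk at -92,7.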
@@ -71,18 +71,18 @@ argc -= optind; argv += optind; - if (!fileid && !filename && (argc == 1)) { + if (fileid == 0 && filename == NULL && (argc == 1)) { filename = *argv; argc--; } - if (argc != 0 || (fileid && filename)) + if (argc != 0 || (fileid != 0 && filename != NULL)) usage(); - if (fileid == 0 && filename == 0) + if (fileid == 0 && filename == NULL) usage(); - if (filename) { + if (filename != NULL) { if ((fileid = kldfind(filename)) < 0) err(1, "can't find file %s", filename); }
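Review bot: the first test in the kldunload.c hunk at -71,18 keeps the parentheses around `(argc == 1)`, which style(9) asks for only where precedence or readability needs them; drop them while the line is being rewritten. The two consecutive tests that both end in `usage();` could also be folded into one condition. The `-` line `if (argc != 0 || (fileid && filename))` only exists once kld.diff is applied, so the two patches have to be committed in that order.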
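Review bot: in the kldconfig.c hunk at -142,7 of kld.diff2, `if (modpath != NULL)` guards nothing but `free(modpath);`. free() accepts a null pointer and does nothing with it, so the test can be removed instead of restyled, leaving `free(modpath);` followed by `modpath = newpath;`.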
From: Sebastian Ssmoller
To: FreeBSD-audit
In-Reply-To: <20030413133425.GC11752@numeri.campus.luth.se>
Date: 16 Apr 2003 17:48:08 +0200
Message-Id: <1050508090.1952.23.camel@hadriel>
Subject: Re: makeing sbin/kld* WARNS=5 clean and some style(9) cleanup

Hi,

I applied the first patch. Looks good, but kldstat.c seems to be warns=5
clean anyway, doesn't it?

seb

On Sun, 2003-04-13 at 15.34, Johan Karlsson wrote:
> Hi audit-gang
>
> I intend to commit the attached two patches. The first one makes
> sbin/kld* WARNS=5 clean and marks them as that in the makefiles.
>
> The second patch makes them more style(9) conformant.
> It makes pointer assignment/comparisons use NULL instead of 0.
>
> Any objections?
>
> /Johan K
>
> --
> Johan Karlsson mailto:johan@FreeBSD.org
> ----
>
> Index: sbin/kldconfig/Makefile > =================================================================== > RCS file: /home/ncvs/src/sbin/kldconfig/Makefile,v > retrieving revision 1.2 > diff -u -r1.2 Makefile > --- sbin/kldconfig/Makefile 4 Dec 2001 02:19:49 -0000 1.2 > +++ sbin/kldconfig/Makefile 13 Apr 2003 12:17:11 -0000 > @@ -28,5 +28,6 @@ > > PROG= kldconfig > MAN= kldconfig.8 > +WARNS?= 5 > > .include > Index: sbin/kldload/Makefile > =================================================================== > RCS file: /home/ncvs/src/sbin/kldload/Makefile,v > retrieving revision 1.9 > diff -u -r1.9 Makefile > --- sbin/kldload/Makefile 4 Dec 2001 02:19:49 -0000 1.9 > +++ sbin/kldload/Makefile 13 Apr 2003 12:16:50 -0000 
> @@ -28,5 +28,6 @@ > > PROG= kldload > MAN= kldload.8 > +WARNS?= 5 > > .include > Index: sbin/kldstat/Makefile > =================================================================== > RCS file: /home/ncvs/src/sbin/kldstat/Makefile,v > retrieving revision 1.8 > diff -u -r1.8 Makefile > --- sbin/kldstat/Makefile 4 Dec 2001 02:19:49 -0000 1.8 > +++ sbin/kldstat/Makefile 13 Apr 2003 11:30:20 -0000 > @@ -27,7 +27,7 @@ > # > > PROG= kldstat > -WARNS= 0 > MAN= kldstat.8 > +WARNS?= 5 > > .include > Index: sbin/kldstat/kldstat.c > =================================================================== > RCS file: /home/ncvs/src/sbin/kldstat/kldstat.c,v > retrieving revision 1.9 > diff -u -r1.9 kldstat.c > --- sbin/kldstat/kldstat.c 1 Jul 2000 07:57:28 -0000 1.9 > +++ sbin/kldstat/kldstat.c 13 Apr 2003 13:12:29 -0000 > @@ -30,6 +30,7 @@ > #endif /* not lint */ > > #include > +#include > #include > #include > #include > @@ -65,8 +66,9 @@ > if (kldstat(fileid, &stat) < 0) > warn("can't stat file id %d", fileid); > else > - printf("%2d %4d %p %-8x %s\n", > - stat.id, stat.refs, stat.address, stat.size, stat.name); > + printf("%2d %4d %p %-8jx %s\n", > + stat.id, stat.refs, stat.address, (uintmax_t)stat.size, > + stat.name); > > if (verbose) { > printf("\tContains modules:\n"); > Index: sbin/kldunload/Makefile > =================================================================== > RCS file: /home/ncvs/src/sbin/kldunload/Makefile,v > retrieving revision 1.8 > diff -u -r1.8 Makefile > --- sbin/kldunload/Makefile 4 Dec 2001 02:19:49 -0000 1.8 > +++ sbin/kldunload/Makefile 13 Apr 2003 11:30:04 -0000 
> @@ -27,7 +27,7 @@ > # > > PROG= kldunload > -WARNS= 0 > MAN= kldunload.8 > +WARNS?= 5 > > .include > Index: sbin/kldunload/kldunload.c > =================================================================== > RCS file: /home/ncvs/src/sbin/kldunload/kldunload.c,v > retrieving revision 1.10 > diff -u -r1.10 kldunload.c > --- sbin/kldunload/kldunload.c 8 Sep 1999 05:46:47 -0000 1.10 > +++ sbin/kldunload/kldunload.c 13 Apr 2003 13:13:41 -0000 > @@ -76,7 +76,7 @@ > argc--; > } > > - if (argc != 0 || fileid && filename) > + if (argc != 0 || (fileid && filename)) > usage(); > > if (fileid == 0 && filename == 0) > ---- > > --- sbin/kldconfig/kldconfig.c Sun Apr 13 15:12:57 2003 > +++ sbin/kldconfig/kldconfig.c.new Sun Apr 13 15:13:03 2003 > @@ -142,7 +142,7 @@ > if (sysctl(mib, miblen, NULL, NULL, newpath, strlen(newpath)+1) == -1) > err(1, "setting path: sysctl(%s)", pathctl); > > - if (modpath) > + if (modpath != NULL) > free(modpath); > modpath = newpath; > } > --- sbin/kldstat/kldstat.c Sun Apr 13 15:12:29 2003 > +++ sbin/kldstat/kldstat.c.new Sun Apr 13 15:12:40 2003 > @@ -92,7 +92,7 @@ > int c; > int verbose = 0; > int fileid = 0; > - char* filename = 0; > + char* filename = NULL; > > while ((c = getopt(argc, argv, "i:n:v")) != -1) > switch (c) { > @@ -114,13 +114,13 @@ > if (argc != 0) > usage(); > > - if (filename) { > + if (filename != NULL) { > if ((fileid = kldfind(filename)) < 0) > err(1, "can't find file %s", filename); > } > > printf("Id Refs Address%*c Size Name\n", POINTER_WIDTH - 7, ' '); > - if (fileid) > + if (fileid != 0) > printfile(fileid, verbose); > else > for (fileid = kldnext(0); fileid > 0; fileid = kldnext(fileid)) > --- sbin/kldunload/kldunload.c Sun Apr 13 15:13:41 2003 > +++ sbin/kldunload/kldunload.c.new Sun Apr 13 13:37:19 2003 > @@ -50,7 +50,7 @@ > int c; > int verbose = 0; > int fileid = 0; > - char* filename = 0; > + char* filename = NULL; > > while ((c = getopt(argc, argv, "i:n:v")) != -1) > switch (c) { 
> @@ -71,18 +71,18 @@ > argc -= optind; > argv += optind; > > - if (!fileid && !filename && (argc == 1)) { > + if (fileid == 0 && filename == NULL && (argc == 1)) { > filename = *argv; > argc--; > } > > - if (argc != 0 || (fileid && filename)) > + if (argc != 0 || (fileid != 0 && filename != NULL)) > usage(); > > - if (fileid == 0 && filename == 0) > + if (fileid == 0 && filename == NULL) > usage(); > > - if (filename) { > + if (filename != NULL) { > if ((fileid = kldfind(filename)) < 0) > err(1, "can't find file %s", filename); > } > ----

Date: Thu, 17 Apr 2003 02:37:33 +0200
From: "Simon L. Nielsen"
To: freebsd-audit@freebsd.org
Message-ID: <20030417003732.GA3556@nitro.dk>
cc: Soeren Schmidt
Subject: atacontrol(8) warns=5 and strcmp cleanup

Hello

Attached are two patches for atacontrol(8).

The first makes it WARNS=5 safe. It works on i386 but the only non i386 I have access to is an Alpha running 4.7 so there could be problems for non i386. A slightly modified version of the patch compiles on the 4.7 Alpha so I think it should be ok.

The other patch makes the strcmp checks more clear. In short: s/!strcmp()/strcmp() == 0/ and s/strcmp()/strcmp() != 0/. The generated object file is not changed by either patch.

Btw. I posted the patch to -arch since an old PR about WARNS fixes suggested posting here instead of filing a PR.

--
Simon L. Nielsen

Content-Disposition: attachment; filename="atacontrol-warns5.patch"
Content-Transfer-Encoding: quoted-printable

--- atacontrol.c.orig Thu Apr 17 02:01:59 2003 +++ atacontrol.c Thu Apr 17 02:01:01 2003 @@ -31,6 +31,7 @@ #include #include =20 +#include #include #include #include 
@@ -38,7 +39,17 @@ #include #include =20 -char * +/* Prototypes */ +const char *mode2str(int mode); +int str2mode(char *str); +void usage(void); +int version(int ver); +void param_print(struct ata_params *parm); +void cap_print(struct ata_params *parm); +int ata_cap_print(int fd, int channel, int device); +int info_print(int fd, int channel, int prchan); + +const char * mode2str(int mode) { switch (mode) { @@ -88,14 +99,14 @@ } =20 int -version(int version) +version(int ver) { int bit; =20 - if (version =3D=3D 0xffff) + if (ver =3D=3D 0xffff) return 0; for (bit =3D 15; bit >=3D 0; bit--) - if (version & (1<support.address48 ? " " : " not "); if (lbasize48) - printf("%lld sectors\n", lbasize48);=09 + printf("%"PRId64" sectors\n", lbasize48); else printf("\n"); =20 Index: Makefile =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sbin/atacontrol/Makefile,v retrieving revision 1.6 diff -u -d -r1.6 Makefile --- Makefile 4 Dec 2001 02:19:43 -0000 1.6 +++ Makefile 17 Apr 2003 00:15:20 -0000 
@@ -1,7 +1,7 @@ #$FreeBSD: src/sbin/atacontrol/Makefile,v 1.6 2001/12/04 02:19:43 obrien E= xp $ =20 PROG=3D atacontrol -WARNS=3D 0 +WARNS=3D 5 MAN=3D atacontrol.8 =20 .include --BXVAT5kNtrzKuDFl Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="atacontrol-strcmp.patch" Content-Transfer-Encoding: quoted-printable Index: atacontrol.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/sbin/atacontrol/atacontrol.c,v retrieving revision 1.20 retrieving revision 1.20.1002.1 diff -u -d -r1.20 -r1.20.1002.1 --- atacontrol.c 22 Mar 2003 12:18:20 -0000 1.20 +++ atacontrol.c 16 Apr 2003 22:37:49 -0000 1.20.1002.1 @@ -259,12 +259,12 @@ =20 bzero(&iocmd, sizeof(struct ata_cmd)); =20 - if (argc > 2 && strcmp(argv[1], "create")) { + if (argc > 2 && strcmp(argv[1], "create") !=3D 0) { int chan; =20 - if (!strcmp(argv[1], "delete") || - !strcmp(argv[1], "status") || - !strcmp(argv[1], "rebuild")) { + if (strcmp(argv[1], "delete") =3D=3D 0 || + strcmp(argv[1], "status") =3D=3D 0 || + strcmp(argv[1], "rebuild") =3D=3D 0) { if (!(sscanf(argv[2], "%d", &chan) =3D=3D 1 || sscanf(argv[2], "ar%d", &chan) =3D=3D 1)) usage(); @@ -277,7 +277,7 @@ iocmd.channel =3D chan; } =20 - if (!strcmp(argv[1], "list") && argc =3D=3D 2) { + if (strcmp(argv[1], "list") =3D=3D 0 && argc =3D=3D 2) { iocmd.cmd =3D ATAGMAXCHANNEL; if (ioctl(fd, IOCATA, &iocmd) < 0) err(1, "ioctl(ATAGMAXCHANNEL)"); 
@@ -285,13 +285,13 @@ for (unit =3D 0; unit < maxunit; unit++) info_print(fd, unit, 1); } - else if (!strcmp(argv[1], "info") && argc =3D=3D 3) { + else if (strcmp(argv[1], "info") =3D=3D 0 && argc =3D=3D 3) { info_print(fd, iocmd.channel, 0); } - else if (!strcmp(argv[1], "cap") && argc =3D=3D 4) { + else if (strcmp(argv[1], "cap") =3D=3D 0 && argc =3D=3D 4) { ata_cap_print(fd, iocmd.channel, atoi(argv[3])); } - else if (!strcmp(argv[1], "enclosure") && argc =3D=3D 4) { + else if (strcmp(argv[1], "enclosure") =3D=3D 0 && argc =3D=3D 4) { iocmd.device =3D atoi(argv[3]); iocmd.cmd =3D ATAENCSTAT; if (ioctl(fd, IOCATA, &iocmd) < 0) 
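Review bot: the `cap` and `enclosure` branches in this hunk still take the device number from `atoi(argv[3])`, which returns 0 for non-numeric input, so a mistyped argument silently selects device 0. While these branches are being touched, parse the argument with strtol() and call usage() when the conversion fails or leaves trailing characters.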
@@ -302,34 +302,37 @@ (double)iocmd.u.enclosure.v05 / 1000, (double)iocmd.u.enclosure.v12 / 1000); } - else if (!strcmp(argv[1], "detach") && argc =3D=3D 3) { + else if (strcmp(argv[1], "detach") =3D=3D 0 && argc =3D=3D 3) { iocmd.cmd =3D ATADETACH; if (ioctl(fd, IOCATA, &iocmd) < 0) err(1, "ioctl(ATADETACH)"); } - else if (!strcmp(argv[1], "attach") && argc =3D=3D 3) { + else if (strcmp(argv[1], "attach") =3D=3D 0 && argc =3D=3D 3) { iocmd.cmd =3D ATAATTACH; if (ioctl(fd, IOCATA, &iocmd) < 0) err(1, "ioctl(ATAATTACH)"); info_print(fd, iocmd.channel, 0); } - else if (!strcmp(argv[1], "reinit") && argc =3D=3D 3) { + else if (strcmp(argv[1], "reinit") =3D=3D 0 && argc =3D=3D 3) { iocmd.cmd =3D ATAREINIT; if (ioctl(fd, IOCATA, &iocmd) < 0) warn("ioctl(ATAREINIT)"); info_print(fd, iocmd.channel, 0); } - else if (!strcmp(argv[1], "create")) { + else if (strcmp(argv[1], "create") =3D=3D 0) { int disk, dev, offset; =20 iocmd.cmd =3D ATARAIDCREATE; - if (!strcmp(argv[2], "RAID0") || !strcmp(argv[2], "stripe")) + if (strcmp(argv[2], "RAID0") =3D=3D 0 || + strcmp(argv[2], "stripe") =3D=3D 0) iocmd.u.raid_setup.type =3D 1; - if (!strcmp(argv[2], "RAID1") || !strcmp(argv[2],"mirror")) + if (strcmp(argv[2], "RAID1") =3D=3D 0 || + strcmp(argv[2],"mirror") =3D=3D 0) iocmd.u.raid_setup.type =3D 2; - if (!strcmp(argv[2], "RAID0+1")) + if (strcmp(argv[2], "RAID0+1") =3D=3D 0) iocmd.u.raid_setup.type =3D 3; - if (!strcmp(argv[2], "SPAN") || !strcmp(argv[2], "JBOD")) + if (strcmp(argv[2], "SPAN") =3D=3D 0 || + strcmp(argv[2], "JBOD") =3D=3D 0) iocmd.u.raid_setup.type =3D 4; if (!iocmd.u.raid_setup.type) usage(); 
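Review bot: the `create` branch in this hunk compares `argv[2]` without any `argc` test on its `else if` line, unlike every other branch shown, and the guard in the -259,12 hunk is `argc > 2 && strcmp(argv[1], "create") != 0`, so nothing visible here stops `atacontrol create` with no further arguments from handing a null `argv[2]` to strcmp(). Add `&& argc > 2` to the branch or call usage() before the comparisons. The integer test `if (!iocmd.u.raid_setup.type)` a few lines further down could become `== 0` to match the rest of the patch.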
@@ -355,17 +358,17 @@ else printf("ar%d created\n", iocmd.u.raid_setup.unit); } - else if (!strcmp(argv[1], "delete") && argc =3D=3D 3) { + else if (strcmp(argv[1], "delete") =3D=3D 0 && argc =3D=3D 3) { iocmd.cmd =3D ATARAIDDELETE; if (ioctl(fd, IOCATA, &iocmd) < 0) warn("ioctl(ATARAIDDELETE)"); } - else if (!strcmp(argv[1], "rebuild") && argc =3D=3D 3) { + else if (strcmp(argv[1], "rebuild") =3D=3D 0 && argc =3D=3D 3) { iocmd.cmd =3D ATARAIDREBUILD; if (ioctl(fd, IOCATA, &iocmd) < 0) warn("ioctl(ATARAIDREBUILD)"); } - else if (!strcmp(argv[1], "status") && argc =3D=3D 3) { + else if (strcmp(argv[1], "status") =3D=3D 0 && argc =3D=3D 3) { int i; =20 iocmd.cmd =3D ATARAIDSTATUS; 
@@ -409,7 +412,7 @@ printf("BROKEN\n"); } } - else if (!strcmp(argv[1], "mode") && (argc =3D=3D 3 || argc =3D=3D 5)) { + else if (strcmp(argv[1], "mode") =3D=3D 0 && (argc =3D=3D 3 || argc =3D= =3D 5)) { if (argc =3D=3D 5) { iocmd.cmd =3D ATASMODE; iocmd.device =3D -1;

Date: Sat, 19 Apr 2003 20:23:03 -0700
From: Kris Kennaway
To: audit@FreeBSD.org, current@FreeBSD.org
Message-ID: <20030420032303.GA25568@rot13.obsecurity.org>
Subject: Buffer overflow in disklabel

Run the following under /bin/sh (not tcsh, which - still! - has a bug
that causes the command to hang tcsh):

# disklabel `perl -e 'print "a"x51200'`
Segmentation fault (core dumped)

The responsible code is:

    dkname = argv[0];
    if (dkname[0] != '/') {
        (void)sprintf(np, "%s%s%c", _PATH_DEV, dkname, 'a' + RAW_PART);
        specname = np;
        np += strlen(specname) + 1;
    } else
        specname = dkname;
    f = open(specname, op == READ ? O_RDONLY : O_RDWR);
    if (f < 0 && errno == ENOENT && dkname[0] != '/') {
        (void)sprintf(specname, "%s%s", _PATH_DEV, dkname);
        np = namebuf + strlen(specname) + 1;
        f = open(specname, op == READ ? O_RDONLY : O_RDWR);
    }

i.e. overflowing an 8k buffer. Does anyone feel like fixing it?

Kris
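
The two unbounded sprintf() calls quoted above, rewritten with snprintf() and an explicit truncation check. This is an added example, not part of the original post and not FreeBSD's code; `build_specname`, `overlong_name_is_rejected`, the `EX_` constants and their values are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EX_PATH_DEV  "/dev/"  /* assumed value of _PATH_DEV */
#define EX_RAW_PART  2        /* assumed value of RAW_PART (partition 'c') */
#define EX_NAMEBUF   8192     /* the "8k buffer" named in the post */

/*
 * Bounded replacement for the two sprintf() calls: format the device path
 * for dkname into buf. with_part selects the first form ("%s%s%c") or the
 * ENOENT fallback ("%s%s"). Returns the path length, or -1 with errno set
 * (EINVAL for an empty name, ENAMETOOLONG when the result would not fit).
 */
int
build_specname(char *buf, size_t bufsz, const char *dkname, int with_part)
{
	int n;

	if (buf == NULL || bufsz == 0 || dkname == NULL || dkname[0] == '\0') {
		errno = EINVAL;
		return (-1);
	}
	if (dkname[0] == '/')		/* absolute path: used as given */
		n = snprintf(buf, bufsz, "%s", dkname);
	else if (with_part)
		n = snprintf(buf, bufsz, "%s%s%c", EX_PATH_DEV, dkname,
		    'a' + EX_RAW_PART);
	else
		n = snprintf(buf, bufsz, "%s%s", EX_PATH_DEV, dkname);

	/* snprintf() returns the length it needed; >= bufsz means truncation. */
	if (n < 0 || (size_t)n >= bufsz) {
		buf[0] = '\0';
		errno = ENAMETOOLONG;
		return (-1);
	}
	return (n);
}

/* Feed the 51200-byte argument from the post; returns 1 if it is refused. */
int
overlong_name_is_rejected(void)
{
	static char namebuf[EX_NAMEBUF];
	char *arg = malloc(51200 + 1);
	int refused;

	if (arg == NULL)
		return (-1);
	memset(arg, 'a', 51200);
	arg[51200] = '\0';
	errno = 0;
	refused = build_specname(namebuf, sizeof(namebuf), arg, 1) == -1 &&
	    errno == ENAMETOOLONG && namebuf[0] == '\0';
	free(arg);
	return (refused);
}

int
main(void)
{
	char buf[EX_NAMEBUF];

	if (build_specname(buf, sizeof(buf), "ad0", 1) > 0)
		printf("short name  -> %s\n", buf);
	printf("51200 bytes -> %s\n", overlong_name_is_rejected() == 1 ?
	    "refused (ENAMETOOLONG)" : "accepted");
	return (0);
}
```

The caller treats -1 as a usage error instead of passing a truncated path to open(), since a silently shortened device name could refer to a different device.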