From: Xin Li
To: Konstantin Belousov, Xin LI
Cc: d@delphij.net, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r320761 - head/sbin/init
Date: Thu, 6 Jul 2017 22:55:35 -0700

Hi, Konstantin,

On 7/6/17 22:43, Konstantin Belousov wrote:
>> Modified: head/sbin/init/init.c
>> ==============================================================================
>> --- head/sbin/init/init.c Fri Jul 7 00:34:51 2017 (r320760)
>> +++ head/sbin/init/init.c Fri Jul 7 02:48:55 2017 (r320761)
>> @@ -1271,8 +1271,8 @@ new_session(session_t *sprev, struct ttyent *typ)
>>
>> sp->se_flags |= SE_PRESENT;
>>
>> - sp->se_device = malloc(sizeof(_PATH_DEV) + strlen(typ->ty_name));
>> - sprintf(sp->se_device, "%s%s", _PATH_DEV, typ->ty_name);
>> + if (asprintf(&sp->se_device, "%s%s", _PATH_DEV, typ->ty_name) < 0)
>> + err(1, "asprintf");
>>
> IMO this is wrong. init(8) is too important for the system operations,
> and panicking the machine due to an error from an attempt to create a getty
> session is not worth it.
>
> Either session should be disabled, or retried after some time, or
> some other measures taken, but please do not kill init just due to a
> local error.
>
> I would even argue that using snprintf() there and ignoring truncation
> is much better than err(), not least because the problem probably can
> only practically appear due to a misconfiguration.

Note that the previous code would just crash (due to NULL pointer
dereference) so I think this change is an improvement over the status quo.

I do agree that the reliability of init(8) is critical and will see what
we can do with the extreme situation and submit a new CR.

Cheers,
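
Review bot: The `err(1, "asprintf")` on the last added line of the `new_session()` hunk makes an allocation failure fatal to the whole process, and this file is init(8), so a failure while building one tty's device path ends process 1 rather than just that session. Checking the result is right, since the removed lines passed an unchecked `malloc()` return straight to `sprintf()`, but the failure path should stay local: log the error, clean up the partially initialised `sp`, and report the failure to the caller so this tty is skipped or retried later. If a fixed-size buffer with `snprintf()` is used instead, check its return value against the buffer size and reject the entry on truncation, so a shortened device path is never opened silently.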