From owner-svn-src-all@freebsd.org Wed Nov 21 00:23:34 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A73681143A38 for ; Wed, 21 Nov 2018 00:23:34 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com [IPv6:2a00:1450:4864:20::42d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 40BDC8C0A9 for ; Wed, 21 Nov 2018 00:23:33 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: by mail-wr1-x42d.google.com with SMTP id t3so3829831wrr.3 for ; Tue, 20 Nov 2018 16:23:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=MnMjrYYU1ZNkJ/O+MfB9+TbwnvfAVAzgS/G7QcwJvpk=; b=OrmO9GGwX38UVIEky+IPaWX3mB6qzTOtXSnvd53GrQdTL3mWino5aXfuR3HMPtW7Q0 i2HTijeUFtrvkLaE3iu3yfqbMK9wdXl0hQEENhU3JEfpyuBiEJ7EOEypywpwmXQ3MH1N NB/hj4Xy6gT54ZCaTAip5LTVjCj0Og2rRa/gHJmxRxswsfyMjx13FGfsKFNNxF6b5XBq ENHu8ylSwWZOpy5J8QBgqxe53Mol+4sHYhY5gV84aKMlqh6clyjNFKPre49GOKmpuMG2 XVI/jiPJAOGMI2QervcREzp3nt2XtJ59ErSPc5AAAiYexBUXjQ+tosOfFBfxP4SzOh2j UKhA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=MnMjrYYU1ZNkJ/O+MfB9+TbwnvfAVAzgS/G7QcwJvpk=; b=afw+aJhrMSYB8VgAeXBqCpMA+ujo33w5gLxPKSiRrnQOAv8ew45VMzY9zTYlirbGvV RmX/9akIM6buxgyPNA3GnCT0ciOWgeUHdsRyQgvxzBZP4TRgqx502aaIFyVu88Qujtxp vpnbrzTp4ph2zhbs8OwSxZFuiLawuiD7/wSl4SvDig7UzCQqdB7Oct4uGa4qqailG+J/ e1kGhcNIPZ9pBQq2B2Ibwp5BvPiEalQYcFzTApru7X0dYaK4ndtwuRMbXDe4XhIH8wwj CQutSpGXJNKZnJjmH9TfEtoirguRrW4I5suX528b66/AynyNaUbT6EchATSePmkryBgQ 8Jfw== X-Gm-Message-State: AA+aEWa4mGJU5B16Ig9R6zg+6ytUkNDroDvMrfGfO7LomTt46n+WOzIw pQnwJ/9jN/W/exUKCR3tHMiOzQ== X-Google-Smtp-Source: AFSGD/ViQ5ScBlalMBwNMcMFNtEGSRbVruYuCwbcyHCE2a9KKV7tmNYCpWT2QODtX+JfOCOoJydcPg== X-Received: by 2002:a5d:4ec4:: with SMTP id s4mr3920249wrv.187.1542759811603; Tue, 20 Nov 2018 16:23:31 -0800 (PST) Received: from mutt-hbsd (lumumba.torservers.net. [77.247.181.163]) by smtp.gmail.com with ESMTPSA id g5-v6sm58049097wrw.97.2018.11.20.16.23.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 20 Nov 2018 16:23:30 -0800 (PST) Date: Tue, 20 Nov 2018 19:22:54 -0500 From: Shawn Webb To: Marcelo Araujo Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r340707 - head/usr.sbin/bhyve Message-ID: <20181121002254.efitgf45bzajh5sj@mutt-hbsd> References: <201811202221.wAKMLJ3W068166@repo.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="qf5lp2runf5q3qgd" Content-Disposition: inline In-Reply-To: <201811202221.wAKMLJ3W068166@repo.freebsd.org> X-Operating-System: FreeBSD mutt-hbsd 13.0-CURRENT FreeBSD 13.0-CURRENT HARDENEDBSD-13-CURRENT amd64 X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x6A84658F52456EEE User-Agent: NeoMutt/20180622 X-Rspamd-Queue-Id: 40BDC8C0A9 X-Spamd-Result: default: False [-5.65 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[hardenedbsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; PREVIOUSLY_DELIVERED(0.00)[svn-src-all@freebsd.org]; DMARC_NA(0.00)[hardenedbsd.org]; TO_DN_SOME(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[hardenedbsd.org:+]; MX_GOOD(-0.01)[alt1.aspmx.l.google.com,aspmx.l.google.com,aspmx2.googlemail.com,alt2.aspmx.l.google.com,aspmx3.googlemail.com]; RCVD_IN_DNSWL_NONE(0.00)[d.2.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; NEURAL_HAM_SHORT(-0.89)[-0.888,0]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MID_RHS_NOT_FQDN(0.50)[]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; IP_SCORE(-0.65)[ipnet: 2a00:1450::/32(-1.58), asn: 15169(-1.58), country: US(-0.09)] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Nov 2018 00:23:35 -0000 --qf5lp2runf5q3qgd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 20, 2018 at 10:21:19PM +0000, Marcelo Araujo wrote: > Author: araujo > Date: Tue Nov 20 22:21:19 2018 > New Revision: 340707 > URL: https://svnweb.freebsd.org/changeset/base/340707 >=20 > Log: > Define AHCI_PORT_IDENT and increase by 1 the VTBLK_BLK_ID_BYTES > to avoid buffer accessed out of bounds, also switch to snprintf(3). > =20 > PR: 200859 > Submitted by: Caglar > Obtained from: https://github.com/mist64/xhyve/pull/24 > MFC after: 4 weeks > Sponsored by: iXsystems Inc. >=20 > Modified: > head/usr.sbin/bhyve/pci_ahci.c > head/usr.sbin/bhyve/pci_virtio_block.c >=20 > Modified: head/usr.sbin/bhyve/pci_ahci.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/usr.sbin/bhyve/pci_ahci.c Tue Nov 20 22:12:10 2018 (r340706) > +++ head/usr.sbin/bhyve/pci_ahci.c Tue Nov 20 22:21:19 2018 (r340707) > @@ -105,7 +105,7 @@ enum sata_fis_type { > * ATA commands > */ > #define ATA_SF_ENAB_SATA_SF 0x10 > -#define ATA_SATA_SF_AN 0x05 > +#define ATA_SATA_SF_AN 0x05 > #define ATA_SF_DIS_SATA_SF 0x90 > =20 > /* > @@ -119,6 +119,8 @@ static FILE *dbg; > #endif > #define WPRINTF(format, arg...) printf(format, ##arg) > =20 > +#define AHCI_PORT_IDENT 20 + 1 > + > struct ahci_ioreq { > struct blockif_req io_req; > struct ahci_port *io_pr; > @@ -136,7 +138,7 @@ struct ahci_port { > struct pci_ahci_softc *pr_sc; > uint8_t *cmd_lst; > uint8_t *rfis; > - char ident[20 + 1]; > + char ident[AHCI_PORT_IDENT]; > int port; > int atapi; > int reset; > @@ -2374,7 +2376,8 @@ pci_ahci_init(struct vmctx *ctx, struct pci_devinst= *p > MD5Init(&mdctx); > MD5Update(&mdctx, opts, strlen(opts)); > MD5Final(digest, &mdctx); > - sprintf(sc->port[p].ident, "BHYVE-%02X%02X-%02X%02X-%02X%02X", > + snprintf(sc->port[p].ident, AHCI_PORT_IDENT, > + "BHYVE-%02X%02X-%02X%02X-%02X%02X", > digest[0], digest[1], digest[2], digest[3], digest[4], > digest[5]); > =20 >=20 > Modified: head/usr.sbin/bhyve/pci_virtio_block.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/usr.sbin/bhyve/pci_virtio_block.c Tue Nov 20 22:12:10 2018 (r340= 706) > +++ head/usr.sbin/bhyve/pci_virtio_block.c Tue Nov 20 22:21:19 2018 (r340= 707) > @@ -61,7 +61,7 @@ __FBSDID("$FreeBSD$"); > #define VTBLK_S_IOERR 1 > #define VTBLK_S_UNSUPP 2 > =20 > -#define VTBLK_BLK_ID_BYTES 20 > +#define VTBLK_BLK_ID_BYTES 20 + 1 > =20 > /* Capability bits */ > #define VTBLK_F_SEG_MAX (1 << 2) /* Maximum request segments */ > @@ -344,7 +344,8 @@ pci_vtblk_init(struct vmctx *ctx, struct pci_devinst * > MD5Init(&mdctx); > MD5Update(&mdctx, opts, strlen(opts)); > MD5Final(digest, &mdctx); > - sprintf(sc->vbsc_ident, "BHYVE-%02X%02X-%02X%02X-%02X%02X", > + snprintf(sc->vbsc_ident, VTBLK_BLK_ID_BYTES, > + "BHYVE-%02X%02X-%02X%02X-%02X%02X", > digest[0], digest[1], digest[2], digest[3], digest[4], digest[5]); > =20 > /* setup virtio block config space */ Hey Marcelo, Thanks for committing this. Could VTBLK_BLK_ID_BYTES and AHCI_PORT_IDENT be merged into the same macro, defined in usr.sbin/bhyve/pci_emul.h? Especially since both equate to the same value. Thanks, --=20 Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal: +1 443-546-8752 Tor+XMPP+OTR: lattera@is.a.hacker.sx GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --qf5lp2runf5q3qgd Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEKrq2ve9q9Ia+iT2eaoRlj1JFbu4FAlv0pV0ACgkQaoRlj1JF bu7sEQ//RqaPN3xVSxteX4+el9RGjOEHxqV2/yaSJZbgOvmM9cbByivnEL59v4q/ 8t9O8KbrPrnBmLPqtNpwQCnEHxafBRhboSmzSiIrrsR2tfPkZ6h13l/0jChQMxXV AyutHMbyROJ6/d4vjGQEy1oiswBjcKWQGy+9qt5bjOmMgjDDZvvfHdsEQlJ5ZXEe 0umTnhX6wR/mt6JKlvOnF110ceZn6O5Y/TiTn8s22L6PjNOZmOfVsDHhQZ5Dmc2A TWzNIY7KiHQF+K42jLlQF0QUNAczeuLnjAopWsVF5uganBw/g7qmlFAo5Dru/HFz wGLY0wjsfbOMq6VnFq97UuPUakYxIaNXbOd1UX6SpHm0wGT8MTifBQG5BoKL5JNI pAOHOj38yMCrRt2TcmMGia3++OpSU6nTiEgNjdazHfdj4zceLCuYYZUZX9gYLFeK Gn747fbRUKeRvZ43DK0TlOV5lmuiafLO4B9aGbMFqYB6Ty33IbzhiFr1yj8XBKL7 oj/V8gBEajTSux+/2X0rXaKsCIbMPwOV23ZYqO/2iLldssompbZGzn6aFSvctSMP SzlcJ7jXfvSCbZ1+AC0DSH96ADkRLTp+IziRTg88LwZZt4Uu9r4ljTwgM5yNt5z2 oT5ij4B8t/kyTqeWhBuZQXbodJq4m+OFKG7Tp9UHDcsmCCCAHEc= =mQ8k -----END PGP SIGNATURE----- --qf5lp2runf5q3qgd--