From owner-freebsd-audit  Mon Oct  9 13:28:23 2000
Delivered-To: freebsd-audit@freebsd.org
Received: from lennier.cc.vt.edu (lennier.cc.vt.edu [198.82.161.193])
	by hub.freebsd.org (Postfix) with ESMTP id E76DE37B503
	for <FreeBSD-audit@FreeBSD.ORG>; Mon,  9 Oct 2000 13:28:20 -0700 (PDT)
Received: from mail.vt.edu (gkar.cc.vt.edu [198.82.161.190])
	by lennier.cc.vt.edu (8.11.0/8.11.0) with ESMTP id e99KSJt180513;
	Mon, 9 Oct 2000 16:28:19 -0400 (EDT)
Received: from muriel.penguinpowered.com ([198.82.100.195])
 by gkar.cc.vt.edu (Sun Internet Mail Server sims.3.5.2000.03.23.18.03.p10)
 with ESMTP id <0G2600C43JJ6G5@gkar.cc.vt.edu>; Mon,
 9 Oct 2000 16:28:18 -0400 (EDT)
Date: Mon, 09 Oct 2000 16:23:24 -0400 (EDT)
From: Mike Heffner <mheffner@vt.edu>
Subject: Re: mount_mfs (newfs) overflow fix
In-reply-to: <200010091817.MAA13523@harmony.village.org>
To: Warner Losh <imp@village.org>
Cc: FreeBSD-audit <FreeBSD-audit@FreeBSD.ORG>
Message-id: <XFMail.20001009162324.mheffner@vt.edu>
MIME-version: 1.0
X-Mailer: XFMail 1.4.4 on FreeBSD
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 8bit
X-Priority: 3 (Normal)
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On 09-Oct-2000 Warner Losh wrote:
| : --- newfs.c.orig        Mon Oct  9 13:50:11 2000
| : +++ newfs.c     Mon Oct  9 13:37:10 2000
| : @@ -167,7 +167,7 @@
| :  
| :  #define NSECTORS       4096    /* number of sectors */
| :  
| : -int    mfs;                    /* run as the memory based filesystem */
| : +int    mfs = 0;                        /* run as the memory based
| : filesystem */
|  
|  This is a null change.  mfs already, per the C standard, is guaranteed 
|  to be initialized to 0.  As it isn't an automatic variable, its
|  initialization value is known.  Adding the = 0 will increase the data
|  segment by 4 bytes, which increases the file size by 4 bytes because
|  initialized data is stored in the binary, while bss data isn't.

Didn't realize that, forget that part then.

|  
| : -               (void)sprintf(device, "%s%s", _PATH_DEV, special);
| : +               (void)snprintf(device, sizeof(device), "%s%s", _PATH_DEV,
|  
|  This almost certainly is harmless.  However, it likely is a good
|  change.
|  

I made the change so that it couldn't be overflowed from the command line
arguments.


-- 
  Mike Heffner     <mheffner@vt.edu>
  Fredericksburg, VA     ICQ# 882073
  http://my.ispchannel.com/~mheffner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message