From owner-p4-projects@FreeBSD.ORG Thu May 29 16:42:38 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id E0F7937B404; Thu, 29 May 2003 16:42:37 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 66A3F37B401; Thu, 29 May 2003 16:42:37 -0700 (PDT) Received: from garple.migus.org (pcp243563pcs.howard01.md.comcast.net [68.55.84.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id 683C043F3F; Thu, 29 May 2003 16:42:36 -0700 (PDT) (envelope-from adam@migus.org) Received: from migus.org (localhost [127.0.0.1]) by garple.migus.org (8.12.7/8.12.7) with SMTP id h4TNgZZ3005890; Thu, 29 May 2003 19:42:35 -0400 (EDT) (envelope-from adam@migus.org) Received: from 205.227.136.1 (SquirrelMail authenticated user adam) by mail.migus.org with HTTP; Thu, 29 May 2003 19:42:35 -0400 (EDT) Message-ID: <41432.205.227.136.1.1054251755.squirrel@mail.migus.org> Date: Thu, 29 May 2003 19:42:35 -0400 (EDT) From: "Adam Migus" To: In-Reply-To: <200305292314.h4TNEYbs070967@repoman.freebsd.org> References: <200305292314.h4TNEYbs070967@repoman.freebsd.org> X-Priority: 3 Importance: Normal X-Mailer: SquirrelMail (version 1.2.11) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Spam-Status: No, hits=-19.6 required=5.0 tests=IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,REPLY_WITH_QUOTES version=2.50 X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp) cc: perforce@freebsd.org Subject: Re: PERFORCE change 32072 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 May 2003 23:42:38 -0000 Robert, len can never exceed size which is passed in as the size of the string. Therefor the NULL will always land inside the string. How exactly does snprintf() fail? Adam > http://perforce.freebsd.org/chv.cgi?CH=32072 > > Change 32072 by rwatson@rwatson_tislabs on > 2003/05/29 16:14:02 > > Temporary work-around for overflows in > externalization of > compartment strings in the Biba and MLS policies. > Validate > that the nul we slap down in fact lands inside the > string. > This code generally needs cleaning up, since it > fails to > handle failures by snprintf(). If the provided > string is > too short, this result is preferable to kernel > panics, etc. > > Affected files ... > > .. > //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#209 > edit .. > //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#167 > edit > > Differences ... > > ==== > //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#209 > (text+ko) ==== > > @@ -583,7 +583,11 @@ > } while(bit <= MAC_BIBA_MAX_COMPARTMENTS); > > len = size - left - 1; > - string[len] = '\0'; > + if (len > 0 && len < size) > + string[len] = '\0'; > + else > + string[0] = '\0'; > + > return (len); > > default: > > ==== > //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#167 > (text+ko) ==== > > @@ -547,7 +547,10 @@ > } while(bit <= MAC_MLS_MAX_COMPARTMENTS); > > len = size - left - 1; > - string[len] = '\0'; > + if (len > 0 && len < size) > + string[len] = '\0'; > + else > + string[0] = '\0'; > return (len); > > default: -- Adam Migus - Research Scientist Network Associates Laboratories (http://www.nailabs.com) FreeBSD (http://www.freebsd.org) God may be subtle, but He isn't plain mean. -- Albert Einstein