Date: Tue, 16 Apr 2013 19:58:24 +0000 (UTC) From: Ivan Voras <ivoras@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r249564 - head/sys/geom/label Message-ID: <201304161958.r3GJwO2h084815@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ivoras Date: Tue Apr 16 19:58:24 2013 New Revision: 249564 URL: http://svnweb.freebsd.org/changeset/base/249564 Log: Fix the buffer-overflow-fixing fixes. Pointy-hat to: me, for not realizing snprintf() is available in kernel. Thanks to: jh, for bringing me the good news of snprintf(), Pawel Worach, for noting that the panic can be provoked in i386 and not in amd64 Modified: head/sys/geom/label/g_label_disk_ident.c Modified: head/sys/geom/label/g_label_disk_ident.c ============================================================================== --- head/sys/geom/label/g_label_disk_ident.c Tue Apr 16 19:39:27 2013 (r249563) +++ head/sys/geom/label/g_label_disk_ident.c Tue Apr 16 19:58:24 2013 (r249564) @@ -40,38 +40,41 @@ __FBSDID("$FreeBSD$"); #define G_LABEL_DISK_IDENT_DIR "diskid" -static char* classes_pass[] = { G_DISK_CLASS_NAME, G_MULTIPATH_CLASS_NAME, NULL }; +static char* classes_pass[] = { G_DISK_CLASS_NAME, G_MULTIPATH_CLASS_NAME, + NULL }; static void g_label_disk_ident_taste(struct g_consumer *cp, char *label, size_t size) { struct g_class *cls; char ident[100]; - int ident_len = sizeof(ident); + int ident_len, found, i; g_topology_assert_not(); label[0] = '\0'; cls = cp->provider->geom->class; - /* Get the GEOM::ident string and construct a label in the format CLASS_NAME-ident */ + /* + * Get the GEOM::ident string, and construct a label in the format + * "CLASS_NAME-ident" + */ + ident_len = sizeof(ident); if (g_io_getattr("GEOM::ident", cp, &ident_len, ident) == 0) { - int i, found = 0; - if (ident_len == 0 || ident[0] == '\0') return; - for (i = 0; classes_pass[i] != NULL; i++) - if (strcmp(classes_pass[i], cls->name) == 0) + for (i = 0, found = 0; classes_pass[i] != NULL; i++) + if (strcmp(classes_pass[i], cls->name) == 0) { found = 1; + break; + } if (!found) return; - if (strlen(cls->name) + ident_len + 2 > size) - ident[ident_len - strlen(cls->name) - 2] = '\0'; - else - ident[ident_len] = '\0'; - strcpy(label, cls->name); - strcat(label, "-"); - strcat(label, ident); + /* + * We can safely ignore the result of strncpy; the label will + * simply be truncated, which at most is only annoying. + */ + (void)snprintf(label, size, "%s-%s", cls->name, ident); } } @@ -81,4 +84,5 @@ struct g_label_desc g_label_disk_ident = .ld_enabled = 1 }; -G_LABEL_INIT(disk_ident, g_label_disk_ident, "Create device nodes for drives which export a disk identification string"); +G_LABEL_INIT(disk_ident, g_label_disk_ident, "Create device nodes for drives " + "which export a disk identification string");
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201304161958.r3GJwO2h084815>