From owner-svn-src-stable-11@freebsd.org Mon Mar 12 17:36:38 2018 Return-Path: Delivered-To: svn-src-stable-11@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 72F41F2EDE8; Mon, 12 Mar 2018 17:36:38 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 227A587A48; Mon, 12 Mar 2018 17:36:38 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 18D026D25; Mon, 12 Mar 2018 17:36:38 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w2CHabCq008106; Mon, 12 Mar 2018 17:36:37 GMT (envelope-from eugen@FreeBSD.org) Received: (from eugen@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w2CHabOT008099; Mon, 12 Mar 2018 17:36:37 GMT (envelope-from eugen@FreeBSD.org) Message-Id: <201803121736.w2CHabOT008099@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: eugen set sender to eugen@FreeBSD.org using -f From: Eugene Grosbein Date: Mon, 12 Mar 2018 17:36:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r330804 - stable/11/usr.sbin/ppp X-SVN-Group: stable-11 X-SVN-Commit-Author: eugen X-SVN-Commit-Paths: stable/11/usr.sbin/ppp X-SVN-Commit-Revision: 330804 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-11@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for only the 11-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Mar 2018 17:36:38 -0000 Author: eugen Date: Mon Mar 12 17:36:37 2018 New Revision: 330804 URL: https://svnweb.freebsd.org/changeset/base/330804 Log: MFC r329105: ppp(8): fix code producing debugging logs ppp(8): fix code producing debugging logs Fix several cases when long buffer is copied to shorter one using snprintf that results in contents truncation and clobbering unsaved errno value and creation of misleading logs. PR: 218517 Approved by: mav (mentor) Modified: stable/11/usr.sbin/ppp/defs.h stable/11/usr.sbin/ppp/iface.c stable/11/usr.sbin/ppp/ip.c stable/11/usr.sbin/ppp/ipv6cp.c stable/11/usr.sbin/ppp/ncpaddr.c stable/11/usr.sbin/ppp/route.c Directory Properties: stable/11/ (props changed) Modified: stable/11/usr.sbin/ppp/defs.h ============================================================================== --- stable/11/usr.sbin/ppp/defs.h Mon Mar 12 17:05:53 2018 (r330803) +++ stable/11/usr.sbin/ppp/defs.h Mon Mar 12 17:36:37 2018 (r330804) @@ -119,6 +119,8 @@ #define ROUNDUP(x) ((x) ? (1 + (((x) - 1) | (sizeof(long) - 1))) : sizeof(long)) +#define NCP_ASCIIBUFFERSIZE 52 + #ifdef __NetBSD__ extern void randinit(void); #else Modified: stable/11/usr.sbin/ppp/iface.c ============================================================================== --- stable/11/usr.sbin/ppp/iface.c Mon Mar 12 17:05:53 2018 (r330803) +++ stable/11/usr.sbin/ppp/iface.c Mon Mar 12 17:36:37 2018 (r330804) @@ -208,7 +208,7 @@ iface_addr_Zap(const char *name, struct iface_addr *ad #endif struct sockaddr_in *me4, *msk4, *peer4; struct sockaddr_storage ssme, sspeer, ssmsk; - int res; + int res, saved_errno; ncprange_getsa(&addr->ifa, &ssme, &ssmsk); ncpaddr_getsa(&addr->peer, &sspeer); @@ -234,8 +234,9 @@ iface_addr_Zap(const char *name, struct iface_addr *ad memcpy(peer4, &sspeer, sizeof *peer4); res = ID0ioctl(s, SIOCDIFADDR, &ifra); + saved_errno = errno; if (log_IsKept(LogDEBUG)) { - char buf[100]; + char buf[NCP_ASCIIBUFFERSIZE]; snprintf(buf, sizeof buf, "%s", ncprange_ntoa(&addr->ifa)); log_Printf(LogWARN, "%s: DIFADDR %s -> %s returns %d\n", @@ -259,12 +260,13 @@ iface_addr_Zap(const char *name, struct iface_addr *ad ifra6.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME; res = ID0ioctl(s, SIOCDIFADDR_IN6, &ifra6); + saved_errno = errno; break; #endif } if (res == -1) { - char dst[40]; + char dst[NCP_ASCIIBUFFERSIZE]; const char *end = #ifndef NOINET6 ncprange_family(&addr->ifa) == AF_INET6 ? "_IN6" : @@ -273,11 +275,11 @@ iface_addr_Zap(const char *name, struct iface_addr *ad if (ncpaddr_family(&addr->peer) == AF_UNSPEC) log_Printf(LogWARN, "iface rm: ioctl(SIOCDIFADDR%s, %s): %s\n", - end, ncprange_ntoa(&addr->ifa), strerror(errno)); + end, ncprange_ntoa(&addr->ifa), strerror(saved_errno)); else { snprintf(dst, sizeof dst, "%s", ncpaddr_ntoa(&addr->peer)); log_Printf(LogWARN, "iface rm: ioctl(SIOCDIFADDR%s, %s -> %s): %s\n", - end, ncprange_ntoa(&addr->ifa), dst, strerror(errno)); + end, ncprange_ntoa(&addr->ifa), dst, strerror(saved_errno)); } } @@ -293,7 +295,7 @@ iface_addr_Add(const char *name, struct iface_addr *ad #endif struct sockaddr_in *me4, *msk4, *peer4; struct sockaddr_storage ssme, sspeer, ssmsk; - int res; + int res, saved_errno; ncprange_getsa(&addr->ifa, &ssme, &ssmsk); ncpaddr_getsa(&addr->peer, &sspeer); @@ -319,8 +321,9 @@ iface_addr_Add(const char *name, struct iface_addr *ad memcpy(peer4, &sspeer, sizeof *peer4); res = ID0ioctl(s, SIOCAIFADDR, &ifra); + saved_errno = errno; if (log_IsKept(LogDEBUG)) { - char buf[100]; + char buf[NCP_ASCIIBUFFERSIZE]; snprintf(buf, sizeof buf, "%s", ncprange_ntoa(&addr->ifa)); log_Printf(LogWARN, "%s: AIFADDR %s -> %s returns %d\n", @@ -344,12 +347,13 @@ iface_addr_Add(const char *name, struct iface_addr *ad ifra6.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME; res = ID0ioctl(s, SIOCAIFADDR_IN6, &ifra6); + saved_errno = errno; break; #endif } if (res == -1) { - char dst[40]; + char dst[NCP_ASCIIBUFFERSIZE]; const char *end = #ifndef NOINET6 ncprange_family(&addr->ifa) == AF_INET6 ? "_IN6" : @@ -358,11 +362,11 @@ iface_addr_Add(const char *name, struct iface_addr *ad if (ncpaddr_family(&addr->peer) == AF_UNSPEC) log_Printf(LogWARN, "iface add: ioctl(SIOCAIFADDR%s, %s): %s\n", - end, ncprange_ntoa(&addr->ifa), strerror(errno)); + end, ncprange_ntoa(&addr->ifa), strerror(saved_errno)); else { snprintf(dst, sizeof dst, "%s", ncpaddr_ntoa(&addr->peer)); log_Printf(LogWARN, "iface add: ioctl(SIOCAIFADDR%s, %s -> %s): %s\n", - end, ncprange_ntoa(&addr->ifa), dst, strerror(errno)); + end, ncprange_ntoa(&addr->ifa), dst, strerror(saved_errno)); } } Modified: stable/11/usr.sbin/ppp/ip.c ============================================================================== --- stable/11/usr.sbin/ppp/ip.c Mon Mar 12 17:05:53 2018 (r330803) +++ stable/11/usr.sbin/ppp/ip.c Mon Mar 12 17:36:37 2018 (r330804) @@ -226,7 +226,7 @@ FilterCheck(const unsigned char *packet, int match; /* true if condition matched */ int mindata; /* minimum data size or zero */ const struct filterent *fp = filter->rule; - char dbuff[100], dstip[16]; + char dbuff[100], dstip[NCP_ASCIIBUFFERSIZE]; struct ncpaddr srcaddr, dstaddr; const char *payload; /* IP payload */ int datalen; /* IP datagram length */ Modified: stable/11/usr.sbin/ppp/ipv6cp.c ============================================================================== --- stable/11/usr.sbin/ppp/ipv6cp.c Mon Mar 12 17:05:53 2018 (r330803) +++ stable/11/usr.sbin/ppp/ipv6cp.c Mon Mar 12 17:36:37 2018 (r330804) @@ -467,7 +467,7 @@ ipv6cp_LayerUp(struct fsm *fp) { /* We're now up */ struct ipv6cp *ipv6cp = fsm2ipv6cp(fp); - char tbuff[40]; + char tbuff[NCP_ASCIIBUFFERSIZE]; log_Printf(LogIPV6CP, "%s: LayerUp.\n", fp->link->name); if (!ipv6cp_InterfaceUp(ipv6cp)) @@ -524,7 +524,7 @@ ipv6cp_LayerDown(struct fsm *fp) /* About to come down */ struct ipv6cp *ipv6cp = fsm2ipv6cp(fp); static int recursing; - char addr[40]; + char addr[NCP_ASCIIBUFFERSIZE]; if (!recursing++) { snprintf(addr, sizeof addr, "%s", ncpaddr_ntoa(&ipv6cp->myaddr)); Modified: stable/11/usr.sbin/ppp/ncpaddr.c ============================================================================== --- stable/11/usr.sbin/ppp/ncpaddr.c Mon Mar 12 17:05:53 2018 (r330803) +++ stable/11/usr.sbin/ppp/ncpaddr.c Mon Mar 12 17:36:37 2018 (r330804) @@ -78,8 +78,6 @@ #define ncpaddr_ip6addr u.ip6addr #endif -#define NCP_ASCIIBUFFERSIZE 52 - static struct in_addr bits2mask4(int bits) { Modified: stable/11/usr.sbin/ppp/route.c ============================================================================== --- stable/11/usr.sbin/ppp/route.c Mon Mar 12 17:05:53 2018 (r330803) +++ stable/11/usr.sbin/ppp/route.c Mon Mar 12 17:36:37 2018 (r330804) @@ -437,7 +437,7 @@ route_IfDelete(struct bundle *bundle, int all) ) && (all || (rtm->rtm_flags & RTF_GATEWAY))) { if (log_IsKept(LogDEBUG)) { - char gwstr[41]; + char gwstr[NCP_ASCIIBUFFERSIZE]; struct ncpaddr gw; ncprange_setsa(&range, sa[RTAX_DST], sa[RTAX_NETMASK]); ncpaddr_setsa(&gw, sa[RTAX_GATEWAY]); @@ -843,7 +843,7 @@ failed: } if (log_IsKept(LogDEBUG)) { - char gwstr[40]; + char gwstr[NCP_ASCIIBUFFERSIZE]; if (gw) snprintf(gwstr, sizeof gwstr, "%s", ncpaddr_ntoa(gw));