Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/arch correct/add protection against snprintf overflow.
details: https://anonhg.NetBSD.org/src/rev/ab80732be09c
branches: trunk
changeset: 328135:ab80732be09c
user: christos <christos%NetBSD.org@localhost>
date: Thu Mar 27 18:22:56 2014 +0000
description:
correct/add protection against snprintf overflow.
diffstat:
sys/arch/dreamcast/dev/maple/maple.c | 8 +++++---
sys/arch/ia64/disasm/disasm_format.c | 10 ++++++++--
sys/arch/ia64/stand/efi/libefi/devicename.c | 24 ++++++++++++++++--------
sys/arch/ia64/stand/ia64/ski/devicename.c | 28 ++++++++++++++++++----------
sys/arch/next68k/dev/esp.c | 28 ++++++++++++++++++++++++++--
sys/arch/prep/prep/autoconf.c | 16 ++++++++++++++--
sys/arch/prep/prep/residual.c | 6 ++++--
sys/arch/sparc/sparc/cpu.c | 11 ++++++-----
sys/arch/x86/acpi/acpi_cpu_md.c | 6 ++++--
sys/arch/x86/x86/est.c | 6 ++++--
sys/arch/x86/x86/odcm.c | 6 ++++--
sys/arch/x86/x86/procfs_machdep.c | 20 ++++++++++----------
sys/arch/xen/xen/pciback.c | 20 ++++++++++++++------
sys/arch/xen/xenbus/xenbus_client.c | 6 +++---
14 files changed, 136 insertions(+), 59 deletions(-)
diffs (truncated from 623 to 300 lines):
diff -r d6b1a814d517 -r ab80732be09c sys/arch/dreamcast/dev/maple/maple.c
--- a/sys/arch/dreamcast/dev/maple/maple.c Thu Mar 27 17:31:56 2014 +0000
+++ b/sys/arch/dreamcast/dev/maple/maple.c Thu Mar 27 18:22:56 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: maple.c,v 1.49 2014/03/26 16:08:45 christos Exp $ */
+/* $NetBSD: maple.c,v 1.50 2014/03/27 18:22:56 christos Exp $ */
/*-
* Copyright (c) 2002 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: maple.c,v 1.49 2014/03/26 16:08:45 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: maple.c,v 1.50 2014/03/27 18:22:56 christos Exp $");
#include <sys/param.h>
#include <sys/device.h>
@@ -353,7 +353,9 @@
static char *
maple_unit_name(char *buf, size_t len, int port, int subunit)
{
- int l = snprintf(buf, len, "maple%c", port + 'A');
+ size_t l = snprintf(buf, len, "maple%c", port + 'A');
+ if (l > len)
+ l = len;
if (subunit)
snprintf(buf + l, len - l, "%d", subunit);
diff -r d6b1a814d517 -r ab80732be09c sys/arch/ia64/disasm/disasm_format.c
--- a/sys/arch/ia64/disasm/disasm_format.c Thu Mar 27 17:31:56 2014 +0000
+++ b/sys/arch/ia64/disasm/disasm_format.c Thu Mar 27 18:22:56 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: disasm_format.c,v 1.2 2014/03/25 18:35:32 christos Exp $ */
+/* $NetBSD: disasm_format.c,v 1.3 2014/03/27 18:22:56 christos Exp $ */
/*-
* Copyright (c) 2000-2003 Marcel Moolenaar
@@ -277,6 +277,8 @@
}
if (n[0] != '\0') {
l = snprintf(buf, buflen, "%s[", n);
+ if (l > buflen)
+ l = buflen;
buf += l;
buflen -= l;
}
@@ -284,7 +286,11 @@
case 1: l = strlcpy(buf, "gp", buflen); break;
case 12: l = strlcpy(buf, "sp", buflen); break;
case 13: l = strlcpy(buf, "tp", buflen); break;
- default: l += snprintf(buf, buflen, "r%d", (int)o->o_value); break;
+ default:
+ l += snprintf(buf, buflen, "r%d", (int)o->o_value);
+ if (l > buflen)
+ l = buflen;
+ break;
}
buf += l;
buflen -= l;
diff -r d6b1a814d517 -r ab80732be09c sys/arch/ia64/stand/efi/libefi/devicename.c
--- a/sys/arch/ia64/stand/efi/libefi/devicename.c Thu Mar 27 17:31:56 2014 +0000
+++ b/sys/arch/ia64/stand/efi/libefi/devicename.c Thu Mar 27 18:22:56 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: devicename.c,v 1.6 2014/03/25 18:35:33 christos Exp $ */
+/* $NetBSD: devicename.c,v 1.7 2014/03/27 18:22:56 christos Exp $ */
/*-
* Copyright (c) 1998 Michael Smith <msmith%freebsd.org@localhost>
@@ -208,7 +208,7 @@
{
struct efi_devdesc *dev = (struct efi_devdesc *)vdev;
static char buf[128]; /* XXX device length constant? */
- size_t len;
+ size_t len, buflen = sizeof(buf);
switch(dev->d_type) {
case DEVT_NONE:
@@ -216,16 +216,24 @@
break;
case DEVT_DISK:
- len = snprintf(buf, sizeof(buf), "%s%d", dev->d_dev->dv_name, dev->d_kind.efidisk.unit);
- if (dev->d_kind.efidisk.slice > 0)
- len += snprintf(buf + len, sizeof(buf) - len, "s%d", dev->d_kind.efidisk.slice);
- if (dev->d_kind.efidisk.partition >= 0)
- len += snprintf(buf + len, sizeof(buf) - len, "%c", dev->d_kind.efidisk.partition + 'a');
+ len = snprintf(buf, buflen, "%s%d", dev->d_dev->dv_name, dev->d_kind.efidisk.unit);
+ if (len > buflen)
+ len = buflen;
+ if (dev->d_kind.efidisk.slice > 0) {
+ len += snprintf(buf + len, buflen - len, "s%d", dev->d_kind.efidisk.slice);
+ if (len > buflen)
+ len = buflen;
+ }
+ if (dev->d_kind.efidisk.partition >= 0) {
+ len += snprintf(buf + len, buflen - len, "%c", dev->d_kind.efidisk.partition + 'a');
+ if (len > buflen)
+ }
+ len = buflen;
strlcat(buf, ":", sizeof(buf) - len);
break;
case DEVT_NET:
- snprintf(buf, sizeof(buf), "%s%d:", dev->d_dev->dv_name, dev->d_kind.netif.unit);
+ snprintf(buf, buflen, "%s%d:", dev->d_dev->dv_name, dev->d_kind.netif.unit);
break;
}
return(buf);
diff -r d6b1a814d517 -r ab80732be09c sys/arch/ia64/stand/ia64/ski/devicename.c
--- a/sys/arch/ia64/stand/ia64/ski/devicename.c Thu Mar 27 17:31:56 2014 +0000
+++ b/sys/arch/ia64/stand/ia64/ski/devicename.c Thu Mar 27 18:22:56 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: devicename.c,v 1.5 2014/03/25 18:35:33 christos Exp $ */
+/* $NetBSD: devicename.c,v 1.6 2014/03/27 18:22:56 christos Exp $ */
/*-
* Copyright (c) 1998 Michael Smith <msmith%freebsd.org@localhost>
@@ -203,24 +203,32 @@
{
struct ski_devdesc *dev = (struct ski_devdesc *)vdev;
static char buf[128]; /* XXX device length constant? */
- size_t len;
+ size_t len, buflen = sizeof(buf);
switch(dev->d_type) {
case DEVT_NONE:
- strcpy(buf, "(no device)");
+ strlcpy(buf, "(no device)", buflen);
break;
case DEVT_DISK:
- len = snprintf(buf, sizeof(buf), "%s%d", dev->d_dev->dv_name, dev->d_kind.skidisk.unit);
- if (dev->d_kind.skidisk.slice > 0)
- len = snprintf(buf, sizeof(buf) - len, "s%d", dev->d_kind.skidisk.slice);
- if (dev->d_kind.skidisk.partition >= 0)
- len = snprintf(buf, sizeof(buf) - len, "%c", dev->d_kind.skidisk.partition + 'a');
- strlcat(cp, ":", sizeof(buf) - len);
+ len = snprintf(buf, buflen, "%s%d", dev->d_dev->dv_name, dev->d_kind.skidisk.unit);
+ if (len > buflen)
+ len = buflen;
+ if (dev->d_kind.skidisk.slice > 0) {
+ len += snprintf(buf + len, buflen - len, "s%d", dev->d_kind.skidisk.slice);
+ if (len > buflen)
+ len = buflen;
+ }
+ if (dev->d_kind.skidisk.partition >= 0) {
+ len += snprintf(buf + len, buflen - len, "%c", dev->d_kind.skidisk.partition + 'a');
+ if (len > buflen)
+ len = buflen;
+ }
+ strlcat(cp, ":", buflen - len);
break;
case DEVT_NET:
- snprintf(buf, sizeof(buf) - len, "%s%d:", dev->d_dev->dv_name, dev->d_kind.netif.unit);
+ snprintf(buf, buflen - len, "%s%d:", dev->d_dev->dv_name, dev->d_kind.netif.unit);
break;
}
return(buf);
diff -r d6b1a814d517 -r ab80732be09c sys/arch/next68k/dev/esp.c
--- a/sys/arch/next68k/dev/esp.c Thu Mar 27 17:31:56 2014 +0000
+++ b/sys/arch/next68k/dev/esp.c Thu Mar 27 18:22:56 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: esp.c,v 1.61 2014/03/25 19:41:32 christos Exp $ */
+/* $NetBSD: esp.c,v 1.62 2014/03/27 18:22:56 christos Exp $ */
/*-
* Copyright (c) 1997, 1998 The NetBSD Foundation, Inc.
@@ -75,7 +75,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: esp.c,v 1.61 2014/03/25 19:41:32 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: esp.c,v 1.62 2014/03/27 18:22:56 christos Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -1155,8 +1155,12 @@
l += snprintf(p + l, len - l, "%s: sc_datain=%d\n",
device_xname(sc->sc_dev), esc->sc_datain);
+ if (l > len)
+ return;
l += snprintf(p + l, len - l, "%s: sc_loaded=0x%08x\n",
device_xname(sc->sc_dev), esc->sc_loaded);
+ if (l > len)
+ return;
if (esc->sc_dmaaddr) {
l += snprintf(p + l, len - l, "%s: sc_dmaaddr=%p\n",
@@ -1165,6 +1169,8 @@
l += snprintf(p + l, len - l, "%s: sc_dmaaddr=NULL\n",
device_xname(sc->sc_dev));
}
+ if (l > len)
+ return;
if (esc->sc_dmalen) {
l += snprintf(p + l, len - l, "%s: sc_dmalen=0x%08x\n",
device_xname(sc->sc_dev), *esc->sc_dmalen);
@@ -1172,19 +1178,29 @@
l += snprintf(p + l, len - l, "%s: sc_dmalen=NULL\n",
device_xname(sc->sc_dev));
}
+ if (l > len)
+ return;
l += snprintf(p + l, len - l, "%s: sc_dmasize=0x%08x\n",
device_xname(sc->sc_dev), esc->sc_dmasize);
+ if (l > len)
+ return;
l += snprintf(p + l, len - l, "%s: sc_begin = %p, sc_begin_size = 0x%08x\n",
+ if (l > len)
+ return;
device_xname(sc->sc_dev), esc->sc_begin, esc->sc_begin_size);
l += snprintf(p + l, len - l, "%s: sc_main = %p, sc_main_size = 0x%08x\n",
device_xname(sc->sc_dev), esc->sc_main, esc->sc_main_size);
+ if (l > len)
+ return;
/* if (esc->sc_main) */ {
int i;
bus_dmamap_t map = esc->sc_main_dmamap;
l += snprintf(p + l, len - l, "%s: sc_main_dmamap."
" mapsize = 0x%08lx, nsegs = %d\n",
device_xname(sc->sc_dev), map->dm_mapsize, map->dm_nsegs);
+ if (l > len)
+ return;
for(i = 0; i < map->dm_nsegs; i++) {
l += snprintf(p + l, len - l, "%s:"
" map->dm_segs[%d].ds_addr = 0x%08lx,"
@@ -1192,16 +1208,22 @@
device_xname(sc->sc_dev),
i, map->dm_segs[i].ds_addr,
map->dm_segs[i].ds_len);
+ if (l > len)
+ return;
}
}
l += snprintf(p + l, len - l, "%s: sc_tail = %p, sc_tail_size = 0x%08x\n",
device_xname(sc->sc_dev), esc->sc_tail, esc->sc_tail_size);
+ if (l > len)
+ return;
/* if (esc->sc_tail) */ {
int i;
bus_dmamap_t map = esc->sc_tail_dmamap;
l += snprintf(p + l, len - l, "%s: sc_tail_dmamap."
" mapsize = 0x%08lx, nsegs = %d\n",
device_xname(sc->sc_dev), map->dm_mapsize, map->dm_nsegs);
+ if (l > len)
+ return;
for (i = 0; i < map->dm_nsegs; i++) {
l += snprintf(p + l, len - l, "%s:"
" map->dm_segs[%d].ds_addr = 0x%08lx,"
@@ -1209,6 +1231,8 @@
device_xname(sc->sc_dev),
i, map->dm_segs[i].ds_addr,
map->dm_segs[i].ds_len);
+ if (l > len)
+ return;
}
}
}
diff -r d6b1a814d517 -r ab80732be09c sys/arch/prep/prep/autoconf.c
--- a/sys/arch/prep/prep/autoconf.c Thu Mar 27 17:31:56 2014 +0000
+++ b/sys/arch/prep/prep/autoconf.c Thu Mar 27 18:22:56 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: autoconf.c,v 1.26 2013/06/28 14:42:31 christos Exp $ */
+/* $NetBSD: autoconf.c,v 1.27 2014/03/27 18:22:56 christos Exp $ */
/*-
* Copyright (c) 2006 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: autoconf.c,v 1.26 2013/06/28 14:42:31 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: autoconf.c,v 1.27 2014/03/27 18:22:56 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -167,11 +167,15 @@
n = snprintf(devpath, sizeof(devpath), "%s@",
pna->pna_devid);
io = SIMPLEQ_FIRST(&pna->pna_res.io);
+ if (n > sizeof(devpath))
+ n = sizeof(devpath);
if (io != NULL)
n += snprintf(devpath + n, sizeof(devpath) - n, "%x",
io->minbase);
}
+ if (n > sizeof(devpath))
+ n = sizeof(devpath);
/* we can't trust the device tag on the ethernet, because
* the spec lies about how it is formed. Therefore we will leave it
* blank, and trim the end off any ethernet stuff. */
@@ -190,8 +194,12 @@
struct scsipibus_attach_args *sa = aux;
/* periph_target is target for scsi, drive # for atapi */
Home |
Main Index |
Thread Index |
Old Index