svn commit: r199683 - stable/7/sys/kern
Attilio Rao
attilio at FreeBSD.org
Sun Nov 22 23:51:52 UTC 2009
Author: attilio
Date: Sun Nov 22 23:51:51 2009
New Revision: 199683
URL: http://svn.freebsd.org/changeset/base/199683
Log:
MFC r199209:
Fix a potential buffer boundaries overflow in devclass_add_device() by
using all available int lenghts digits for storing the information.
Modified:
stable/7/sys/kern/subr_bus.c
Directory Properties:
stable/7/sys/ (props changed)
stable/7/sys/contrib/pf/ (props changed)
Modified: stable/7/sys/kern/subr_bus.c
==============================================================================
--- stable/7/sys/kern/subr_bus.c Sun Nov 22 23:46:44 2009 (r199682)
+++ stable/7/sys/kern/subr_bus.c Sun Nov 22 23:51:51 2009 (r199683)
@@ -35,6 +35,7 @@ __FBSDID("$FreeBSD$");
#include <sys/lock.h>
#include <sys/kernel.h>
#include <sys/kobj.h>
+#include <sys/limits.h>
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/mutex.h>
@@ -1394,7 +1395,7 @@ devclass_add_device(devclass_t dc, devic
PDEBUG(("%s in devclass %s", DEVICENAME(dev), DEVCLANAME(dc)));
- buflen = snprintf(NULL, 0, "%s%d$", dc->name, dev->unit);
+ buflen = snprintf(NULL, 0, "%s%d$", dc->name, INT_MAX);
if (buflen < 0)
return (ENOMEM);
dev->nameunit = malloc(buflen, M_BUS, M_NOWAIT|M_ZERO);
More information about the svn-src-all
mailing list