svn commit: r280000 - head/sys/kern
John Baldwin
jhb at freebsd.org
Mon Mar 16 15:23:23 UTC 2015
On Saturday, March 14, 2015 06:46:33 PM Ian Lepore wrote:
> Author: ian
> Date: Sat Mar 14 18:46:33 2015
> New Revision: 280000
> URL: https://svnweb.freebsd.org/changeset/base/280000
>
> Log:
> Use sbuf_new_for_sysctl() instead of plain sbuf_new() to ensure sysctl
> string returned to userland is nulterminated.
>
> PR: 195668
>
> Modified:
> head/sys/kern/kern_fail.c
>
> Modified: head/sys/kern/kern_fail.c
> ==============================================================================
> --- head/sys/kern/kern_fail.c Sat Mar 14 18:42:30 2015 (r279999)
> +++ head/sys/kern/kern_fail.c Sat Mar 14 18:46:33 2015 (r280000)
> @@ -394,11 +394,10 @@ fail_point_sysctl(SYSCTL_HANDLER_ARGS)
> int error;
>
> /* Retrieving */
> - sbuf_new(&sb, NULL, 128, SBUF_AUTOEXTEND);
> + sbuf_new_for_sysctl(&sb, NULL, 128, req);
> fail_point_get(fp, &sb);
> sbuf_trim(&sb);
> - sbuf_finish(&sb);
> - error = SYSCTL_OUT(req, sbuf_data(&sb), sbuf_len(&sb));
> + error = sbuf_finish(&sb);
> sbuf_delete(&sb);
This one is also unsafe (fail_point_get() uses sbuf_printf() under FP_LOCK()).
--
John Baldwin
More information about the svn-src-head
mailing list