git: 5d8bf1ffbac5 - stable/13 - mpsutil: Fix data truncation by too short buffers.

From: Alexander Motin <mav_at_FreeBSD.org>
Date: Wed, 08 Dec 2021 04:07:07 UTC
The branch stable/13 has been updated by mav:

URL: https://cgit.FreeBSD.org/src/commit/?id=5d8bf1ffbac552338eb6fc542a05b0bff61bbcbf

commit 5d8bf1ffbac552338eb6fc542a05b0bff61bbcbf
Author:     Alexander Motin <mav@FreeBSD.org>
AuthorDate: 2021-11-30 01:14:13 +0000
Commit:     Alexander Motin <mav@FreeBSD.org>
CommitDate: 2021-12-08 04:07:01 +0000

    mpsutil: Fix data truncation by too short buffers.
    
    Length of some string buffers was insufficient for cases of more than
    99 targets per HBA or slots per enclosure.  Some others are tuned just
    for better alignment.  While there also fix output formatting issues.
    
    MFC after:      1 week
    Sponsored by:   iXsystems, Inc.
    
    (cherry picked from commit f5b0083302edcf421265530cc01dd87c06b23af1)
---
 usr.sbin/mpsutil/mps_show.c | 51 +++++++++++++++++++++++----------------------
 1 file changed, 26 insertions(+), 25 deletions(-)

diff --git a/usr.sbin/mpsutil/mps_show.c b/usr.sbin/mpsutil/mps_show.c
index 7c2596497818..d293003fc67f 100644
--- a/usr.sbin/mpsutil/mps_show.c
+++ b/usr.sbin/mpsutil/mps_show.c
@@ -74,7 +74,7 @@ show_adapter(int ac, char **av)
 	MPI2_IOC_FACTS_REPLY *facts;
 	U16 IOCStatus;
 	char *speed, *minspeed, *maxspeed, *isdisabled, *type;
-	char devhandle[5], ctrlhandle[5];
+	char devhandle[8], ctrlhandle[8];
 	int error, fd, v, i;
 
 	if (ac != 1) {
@@ -210,13 +210,14 @@ show_adapter(int ac, char **av)
 		type = get_device_type(le32toh(phy0->ControllerPhyDeviceInfo));
 
 		if (le16toh(phy0->AttachedDevHandle) != 0) {
-			snprintf(devhandle, 5, "%04x", le16toh(phy0->AttachedDevHandle));
-			snprintf(ctrlhandle, 5, "%04x",
+			snprintf(devhandle, sizeof(devhandle), "%04x",
+			    le16toh(phy0->AttachedDevHandle));
+			snprintf(ctrlhandle, sizeof(ctrlhandle), "%04x",
 			    le16toh(phy0->ControllerDevHandle));
 			speed = get_device_speed(phy0->NegotiatedLinkRate);
 		} else {
-			snprintf(devhandle, 5, "    ");
-			snprintf(ctrlhandle, 5, "    ");
+			snprintf(devhandle, sizeof(devhandle), "    ");
+			snprintf(ctrlhandle, sizeof(ctrlhandle), "    ");
 			speed = "     ";
 		}
 		printf("%-8d%-12s%-11s%-10s%-8s%-7s%-7s%s\n",
@@ -516,7 +517,7 @@ show_devices(int ac, char **av)
 	MPI2_CONFIG_PAGE_SAS_DEV_0	*device;
 	MPI2_CONFIG_PAGE_EXPANDER_1	*exp1;
 	uint16_t IOCStatus, handle, bus, target;
-	char *type, *speed, enchandle[5], slot[3], bt[8];
+	char *type, *speed, enchandle[8], slot[8], bt[16];
 	char buf[256];
 	int fd, error, nphys;
 
@@ -605,11 +606,11 @@ show_devices(int ac, char **av)
 			speed = " ";
 
 		if (device->EnclosureHandle != 0) {
-			snprintf(enchandle, 5, "%04x", le16toh(device->EnclosureHandle));
-			snprintf(slot, 3, "%02d", le16toh(device->Slot));
+			snprintf(enchandle, sizeof(enchandle), "%04x", le16toh(device->EnclosureHandle));
+			snprintf(slot, sizeof(slot), "%02d", le16toh(device->Slot));
 		} else {
-			snprintf(enchandle, 5, "    ");
-			snprintf(slot, 3, "  ");
+			snprintf(enchandle, sizeof(enchandle), "    ");
+			snprintf(slot, sizeof(slot), "  ");
 		}
 		printf("%-10s", bt);
 		snprintf(buf, sizeof(buf), "%08x%08x", le32toh(device->SASAddress.High),
@@ -634,7 +635,7 @@ static int
 show_enclosures(int ac, char **av)
 {
 	MPI2_CONFIG_PAGE_SAS_ENCLOSURE_0 *enc;
-	char *type, sepstr[5];
+	char *type, sepstr[8];
 	uint16_t IOCStatus, handle;
 	int fd, error, issep;
 
@@ -663,9 +664,9 @@ show_enclosures(int ac, char **av)
 		}
 		type = get_enc_type(le16toh(enc->Flags), &issep);
 		if (issep == 0)
-			snprintf(sepstr, 5, "    ");
+			snprintf(sepstr, sizeof(sepstr), "    ");
 		else
-			snprintf(sepstr, 5, "%04x", le16toh(enc->SEPDevHandle));
+			snprintf(sepstr, sizeof(sepstr), "%04x", le16toh(enc->SEPDevHandle));
 		printf("  %.2d    %08x%08x    %s       %04x     %s\n",
 		    le16toh(enc->NumSlots), le32toh(enc->EnclosureLogicalID.High),
 		    le32toh(enc->EnclosureLogicalID.Low), sepstr, le16toh(enc->EnclosureHandle),
@@ -685,7 +686,7 @@ show_expanders(int ac, char **av)
 	MPI2_CONFIG_PAGE_EXPANDER_0	*exp0;
 	MPI2_CONFIG_PAGE_EXPANDER_1	*exp1;
 	uint16_t IOCStatus, handle;
-	char enchandle[5], parent[5], rphy[3], rhandle[5];
+	char enchandle[8], parent[8], rphy[4], rhandle[8];
 	char *speed, *min, *max, *type;
 	int fd, error, nphys, i;
 
@@ -717,19 +718,19 @@ show_expanders(int ac, char **av)
 		handle = le16toh(exp0->DevHandle);
 
 		if (exp0->EnclosureHandle == 0x00)
-			snprintf(enchandle, 5, "    ");
+			snprintf(enchandle, sizeof(enchandle), "    ");
 		else
-			snprintf(enchandle, 5, "%04d", le16toh(exp0->EnclosureHandle));
+			snprintf(enchandle, sizeof(enchandle), "%04d", le16toh(exp0->EnclosureHandle));
 		if (exp0->ParentDevHandle == 0x0)
-			snprintf(parent, 5, "    ");
+			snprintf(parent, sizeof(parent), "    ");
 		else
-			snprintf(parent, 5, "%04x", le16toh(exp0->ParentDevHandle));
+			snprintf(parent, sizeof(parent), "%04x", le16toh(exp0->ParentDevHandle));
 		printf("  %02d    %08x%08x    %04x       %s     %s       %d\n",
 		    exp0->NumPhys, le32toh(exp0->SASAddress.High), le32toh(exp0->SASAddress.Low),
 		    le16toh(exp0->DevHandle), parent, enchandle, exp0->SASLevel);
 
 		printf("\n");
-		printf("     Phy  RemotePhy  DevHandle  Speed   Min    Max    Device\n");
+		printf("     Phy  RemotePhy  DevHandle  Speed  Min   Max    Device\n");
 		for (i = 0; i < nphys; i++) {
 			exp1 = mps_read_extended_config_page(fd,
 			    MPI2_CONFIG_EXTPAGETYPE_SAS_EXPANDER,
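Review bot: The enclosure handle is still formatted in decimal, `snprintf(enchandle, sizeof(enchandle), "%04d", ...)`, while the parent handle a few lines below and the enclosure handles in the show_devices and show_enclosures hunks use `%04x`. The same handle therefore prints in decimal in this table and in hex in the others, which makes cross-referencing the outputs error-prone. If decimal is not intentional here, the line should read `snprintf(enchandle, sizeof(enchandle), "%04x", le16toh(exp0->EnclosureHandle));`. The per-expander loop of show_expanders starts before and continues past this hunk.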
@@ -745,20 +746,20 @@ show_expanders(int ac, char **av)
 			}
 			type = get_device_type(le32toh(exp1->AttachedDeviceInfo));
 			if ((le32toh(exp1->AttachedDeviceInfo) &0x7) == 0) {
-				speed = "     ";
-				snprintf(rphy, 3, "  ");
-				snprintf(rhandle, 5, "     ");
+				speed = "   ";
+				snprintf(rphy, sizeof(rphy), "  ");
+				snprintf(rhandle, sizeof(rhandle), "    ");
 			} else {
 				speed = get_device_speed(
 				    exp1->NegotiatedLinkRate);
-				snprintf(rphy, 3, "%02d",
+				snprintf(rphy, sizeof(rphy), "%02d",
 				    exp1->AttachedPhyIdentifier);
-				snprintf(rhandle, 5, "%04x",
+				snprintf(rhandle, sizeof(rhandle), "%04x",
 				    le16toh(exp1->AttachedDevHandle));
 			}
 			min = get_device_speed(exp1->HwLinkRate);
 			max = get_device_speed(exp1->HwLinkRate >> 4);
-			printf("     %02d     %s         %s     %s  %s  %s  %s\n", exp1->Phy, rphy, rhandle, speed, min, max, type);
+			printf("     %02d      %s        %s      %s   %s   %s   %s\n", exp1->Phy, rphy, rhandle, speed, min, max, type);
 
 			free(exp1);
 		}
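Review bot: `rphy` is the one buffer sized exactly: it is declared `char rphy[4]` in the earlier declaration hunk, which holds at most three digits from `"%02d"` of `exp1->AttachedPhyIdentifier`. That is sufficient only if the field is 8 bits wide, which the diff does not show. Because the calls now pass `sizeof(rphy)`, the failure mode is silent truncation rather than an overflow, but the other buffers were given headroom and this one was not. Either size it like its neighbours, `char enchandle[8], parent[8], rphy[8], rhandle[8];`, or add a comment stating that the identifier is a single byte. The phy loop body starts outside this hunk.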