git: 2c63333240f2 - stable/13 - bhyve: Accept a variable-length string name for qemu_fwcfg_add_file.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 03 May 2023 00:29:39 UTC
The branch stable/13 has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=2c63333240f259ec57d748e9b4b3520b35b15f24
commit 2c63333240f259ec57d748e9b4b3520b35b15f24
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2023-03-22 19:34:34 +0000
Commit: John Baldwin <jhb@FreeBSD.org>
CommitDate: 2023-05-03 00:06:52 +0000
bhyve: Accept a variable-length string name for qemu_fwcfg_add_file.
It is illegal (UB?) to pass a shorter array to a function argument
that takes a fixed-length array. Do a runtime check for names that
are too long via strlen() instead.
Reviewed by: markj
Reported by: GCC -Wstringop-overread
Differential Revision: https://reviews.freebsd.org/D39211
(cherry picked from commit 61482760a0ca198a9310d450133e9ac792b67955)
---
usr.sbin/bhyve/qemu_fwcfg.c | 6 ++++--
usr.sbin/bhyve/qemu_fwcfg.h | 2 +-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/usr.sbin/bhyve/qemu_fwcfg.c b/usr.sbin/bhyve/qemu_fwcfg.c
index 2c5324dffdaa..95e713f9df4e 100644
--- a/usr.sbin/bhyve/qemu_fwcfg.c
+++ b/usr.sbin/bhyve/qemu_fwcfg.c
@@ -296,9 +296,11 @@ qemu_fwcfg_register_port(const char *const name, const int port, const int size,
}
int
-qemu_fwcfg_add_file(const uint8_t name[QEMU_FWCFG_MAX_NAME],
- const uint32_t size, void *const data)
+qemu_fwcfg_add_file(const char *name, const uint32_t size, void *const data)
{
+ if (strlen(name) >= QEMU_FWCFG_MAX_NAME)
+ return (EINVAL);
+
/*
* QEMU specifies count as big endian.
* Convert it to host endian to work with it.
diff --git a/usr.sbin/bhyve/qemu_fwcfg.h b/usr.sbin/bhyve/qemu_fwcfg.h
index f59087250816..f3846d64085a 100644
--- a/usr.sbin/bhyve/qemu_fwcfg.h
+++ b/usr.sbin/bhyve/qemu_fwcfg.h
@@ -18,6 +18,6 @@ struct qemu_fwcfg_item {
uint8_t *data;
};
-int qemu_fwcfg_add_file(const uint8_t name[QEMU_FWCFG_MAX_NAME],
+int qemu_fwcfg_add_file(const char *name,
const uint32_t size, void *const data);
int qemu_fwcfg_init(struct vmctx *const ctx);