git: 45d75e3ac3fb - main - netgraph/ng_base: Allow larger BINARY2ASCII conversions

Mark Johnston markj at freebsd.org
Mon Feb 8 15:18:11 UTC 2021 

On Mon, Feb 08, 2021 at 01:35:11PM +0000, Lutz Donnerhacke wrote:
> The branch main has been updated by donner:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=45d75e3ac3fb5bf8230ca28dc09b48c6e5ed7a4f
> 
> commit 45d75e3ac3fb5bf8230ca28dc09b48c6e5ed7a4f
> Author:     Lutz Donnerhacke <donner at FreeBSD.org>
> AuthorDate: 2021-02-07 21:07:34 +0000
> Commit:     Lutz Donnerhacke <donner at FreeBSD.org>
> CommitDate: 2021-02-08 13:31:58 +0000
> 
>     netgraph/ng_base: Allow larger BINARY2ASCII conversions
>     
>     Allocate the necessary memory for the conversion dynamically starting
>     with a value which is sufficient for almost all normal cases.

Is there some upper bound on the length of the input message?  If not, a
sufficiently large input looks like it could cause an infinite loop by
triggering overflow in the bufSize *= 2 calculation.  I also wonder why
the same change was not made for ASCII2BINARY.

>     
>     PR:             187835
>     Reviewed by:    kp
>     Differential Revision: https://reviews.freebsd.org/D23840
> ---
>  sys/netgraph/ng_base.c | 14 +++++++++-----
>  1 file changed, 9 insertions(+), 5 deletions(-)
> 
> diff --git a/sys/netgraph/ng_base.c b/sys/netgraph/ng_base.c
> index 6ab39421b255..63bc251f52f9 100644
> --- a/sys/netgraph/ng_base.c
> +++ b/sys/netgraph/ng_base.c
> @@ -2771,7 +2771,7 @@ ng_generic_msg(node_p here, item_p item, hook_p lasthook)
>  
>  	case NGM_BINARY2ASCII:
>  	    {
> -		int bufSize = 20 * 1024;	/* XXX hard coded constant */
> +		int bufSize = 1024;
>  		const struct ng_parse_type *argstype;
>  		const struct ng_cmdlist *c;
>  		struct ng_mesg *binary, *ascii;
> @@ -2785,7 +2785,7 @@ ng_generic_msg(node_p here, item_p item, hook_p lasthook)
>  			error = EINVAL;
>  			break;
>  		}
> -
> +retry_b2a:
>  		/* Get a response message with lots of room */
>  		NG_MKRESPONSE(resp, msg, sizeof(*ascii) + bufSize, M_NOWAIT);
>  		if (resp == NULL) {
> @@ -2827,9 +2827,13 @@ ng_generic_msg(node_p here, item_p item, hook_p lasthook)
>  		if (argstype == NULL) {
>  			*ascii->data = '\0';
>  		} else {
> -			if ((error = ng_unparse(argstype,
> -			    (u_char *)binary->data,
> -			    ascii->data, bufSize)) != 0) {
> +			error = ng_unparse(argstype, (u_char *)binary->data,
> +			    ascii->data, bufSize);
> +			if (error == ERANGE) {
> +				NG_FREE_MSG(resp);
> +				bufSize *= 2;
> +				goto retry_b2a;
> +			} else if (error) {
>  				NG_FREE_MSG(resp);
>  				break;
>  			}
> _______________________________________________
> dev-commits-src-all at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all
> To unsubscribe, send any mail to "dev-commits-src-all-unsubscribe at freebsd.org"

More information about the dev-commits-src-main mailing list