git: 45d75e3ac3fb - main - netgraph/ng_base: Allow larger BINARY2ASCII conversions
Mark Johnston
markj at freebsd.org
Mon Feb 8 15:18:11 UTC 2021
On Mon, Feb 08, 2021 at 01:35:11PM +0000, Lutz Donnerhacke wrote:
> The branch main has been updated by donner:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=45d75e3ac3fb5bf8230ca28dc09b48c6e5ed7a4f
>
> commit 45d75e3ac3fb5bf8230ca28dc09b48c6e5ed7a4f
> Author: Lutz Donnerhacke <donner at FreeBSD.org>
> AuthorDate: 2021-02-07 21:07:34 +0000
> Commit: Lutz Donnerhacke <donner at FreeBSD.org>
> CommitDate: 2021-02-08 13:31:58 +0000
>
> netgraph/ng_base: Allow larger BINARY2ASCII conversions
>
> Allocate the necessary memory for the conversion dynamically starting
> with a value which is sufficient for almost all normal cases.
Is there some upper bound on the length of the input message? If not, a
sufficiently large input looks like it could cause an infinite loop by
triggering overflow in the bufSize *= 2 calculation. I also wonder why
the same change was not made for ASCII2BINARY.
>
> PR: 187835
> Reviewed by: kp
> Differential Revision: https://reviews.freebsd.org/D23840
> ---
> sys/netgraph/ng_base.c | 14 +++++++++-----
> 1 file changed, 9 insertions(+), 5 deletions(-)
>
> diff --git a/sys/netgraph/ng_base.c b/sys/netgraph/ng_base.c
> index 6ab39421b255..63bc251f52f9 100644
> --- a/sys/netgraph/ng_base.c
> +++ b/sys/netgraph/ng_base.c
> @@ -2771,7 +2771,7 @@ ng_generic_msg(node_p here, item_p item, hook_p lasthook)
>
> case NGM_BINARY2ASCII:
> {
> - int bufSize = 20 * 1024; /* XXX hard coded constant */
> + int bufSize = 1024;
> const struct ng_parse_type *argstype;
> const struct ng_cmdlist *c;
> struct ng_mesg *binary, *ascii;
> @@ -2785,7 +2785,7 @@ ng_generic_msg(node_p here, item_p item, hook_p lasthook)
> error = EINVAL;
> break;
> }
> -
> +retry_b2a:
> /* Get a response message with lots of room */
> NG_MKRESPONSE(resp, msg, sizeof(*ascii) + bufSize, M_NOWAIT);
> if (resp == NULL) {
> @@ -2827,9 +2827,13 @@ ng_generic_msg(node_p here, item_p item, hook_p lasthook)
> if (argstype == NULL) {
> *ascii->data = '\0';
> } else {
> - if ((error = ng_unparse(argstype,
> - (u_char *)binary->data,
> - ascii->data, bufSize)) != 0) {
> + error = ng_unparse(argstype, (u_char *)binary->data,
> + ascii->data, bufSize);
> + if (error == ERANGE) {
> + NG_FREE_MSG(resp);
> + bufSize *= 2;
> + goto retry_b2a;
> + } else if (error) {
> NG_FREE_MSG(resp);
> break;
> }
> _______________________________________________
> dev-commits-src-all at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all
> To unsubscribe, send any mail to "dev-commits-src-all-unsubscribe at freebsd.org"
More information about the dev-commits-src-main
mailing list