kern/132104: kenv buffer overflow
Dylan Cochran
a134qaed at gmail.com
Fri Mar 6 10:20:05 PST 2009
The following reply was made to PR kern/132104; it has been noted by GNATS.
From: Dylan Cochran <a134qaed at gmail.com>
To: bug-followup <bug-followup at freebsd.org>
Cc: Jaakko Heinonen <jh at saunalahti.fi>
Subject: Re: kern/132104: kenv buffer overflow
Date: Fri, 6 Mar 2009 13:13:54 -0500
Second patch. After a conversation with rwatson about locking on
malloc, I decided to allow a race condition to occur, and bounded it
with an incrementing counter. If we lose the race, we loop up to 6
times, then return null. Since the values chosen for the sleep time
and count are arbitrary, I added printf's so I could view the
frequencies when races were lost. So far it never happens, so I
believe that to be sufficient.
Please note I am not a C language expert, nor am I intimately familiar
with kernel programming. I appreciate any pointers. :)
Content-Disposition: attachment; filename="kenv.diff"