5.3-RELEASE TODO

Brooks Davis brooks at one-eyed-alien.net
Fri Sep 17 11:46:51 PDT 2004


On Fri, Sep 17, 2004 at 07:57:32PM +0200, Dag-Erling Smørgrav wrote:
> Brooks Davis <brooks at one-eyed-alien.net> writes:
> > I've got a patch for this one.  If someone will review it, I will commit
> > it to HEAD for further testing.
> 
> you shouldn't call malloc() with M_NOWAIT unless you absolutely must,
> and in this case you don't.

Oops, that's a bug.  I'll fix it before I commit.

> there's nothing to prevent the ifconf data from growing between the
> first and second pass, since you're not holding the lock.  you'd end
> up overflowing ifrbuf.

The space variable insures that you won't overflow just as it did before
when the user provided an undersized buffer.  There is a race that
might be worth fixing where the size can increase and more or more
addresses/interfaces at the end won't get written out, but there isn't
an overflow.  The only way I can see to fix it is to check at the end
of the loop and make sure that we added all items in the buffer or used
as much space as the user gave us.  If didn't do that, we need to start
over (zero buflen, reset space, free ifrbuf, and goto again).  Using
sbufs as you suggest would probably make things a bit more clear, but I
believe what I've got works.

> what I suggest you do is:
> 
>     struct sbuf *sb = sbuf_new(NULL, NULL, size, ifc->ifc_len + 1);

What are you trying to do here?  Unless my manpages are wrong, the
fourth arg is flags.  Do you mean to set SBUF_FIXEDLEN?  I think you
would have to to avoid a new LOR.  Also, it is not safe to trust
ifc->ifc_len for allocations because it is provided by potentially
unpriveleged users.  Thus, so you have to know how much space you will
need before doing any kind of allocation, hence the double loop and the
potential race.

Thanks,
Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20040917/a24dcdda/attachment.bin


More information about the freebsd-current mailing list