svn commit: r280239 - head/sys/geom

[Adrian Chadd]

Author: adrian
Date: Thu Mar 19 03:58:25 2015
New Revision: 280239
URL: https://svnweb.freebsd.org/changeset/base/280239

Log:
  Fix the label search routine in geom_map to not trip up on '\0' bytes.
  
  * Just do the buf check early and fail out
  * If the offset being searched is:
  
  00110000  00 b5 7e 45 61 e2 76 d3  c1 78 dd 15 95 cd 1f f1  |..~Ea.v..x......|
  
  .. and the match string is '.!/bin/sh'
  
  .. then it'll set the match string[0] to '\0', do a strncmp() against
  the read buffer, find it's matching two zero-length strings, and think
  that's where to start.
  
  MFC after:	2 weeks

Modified:
  head/sys/geom/geom_map.c

Modified: head/sys/geom/geom_map.c
==============================================================================
--- head/sys/geom/geom_map.c	Thu Mar 19 01:40:43 2015	(r280238)
+++ head/sys/geom/geom_map.c	Thu Mar 19 03:58:25 2015	(r280239)
@@ -171,6 +171,13 @@ find_marker(struct g_consumer *cp, const
 		    roundup(strlen(search_key), sectorsize), NULL);
 		g_topology_lock();
 
+		/*
+		 * Don't bother doing the rest if buf==NULL; eg derefencing
+		 * to assemble 'key'.
+		 */
+		if (buf == NULL)
+			continue;
+
 		/* Wildcard, replace '.' with byte from data */
 		/* TODO: add support wildcard escape '\.' */
 
@@ -183,7 +190,8 @@ find_marker(struct g_consumer *cp, const
 			}
 		}
 
-		if (buf != NULL && strncmp(buf + search_offset % sectorsize,
+		/* Assume buf != NULL here */
+		if (memcmp(buf + search_offset % sectorsize,
 		    key, strlen(search_key)) == 0) {
 			g_free(buf);
 			/* Marker found, so return their offset */