svn commit: r347436 - stable/11/usr.sbin/bhyve

[John Baldwin]

Author: jhb
Date: Fri May 10 16:36:38 2019
New Revision: 347436
URL: https://svnweb.freebsd.org/changeset/base/347436

Log:
  MFC 340707:
  Define AHCI_PORT_IDENT and increase by 1 the VTBLK_BLK_ID_BYTES
  to avoid buffer accessed out of bounds, also switch to snprintf(3).
  
  PR:		200859

Modified:
  stable/11/usr.sbin/bhyve/pci_ahci.c
  stable/11/usr.sbin/bhyve/pci_virtio_block.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/usr.sbin/bhyve/pci_ahci.c
==============================================================================
--- stable/11/usr.sbin/bhyve/pci_ahci.c	Fri May 10 16:32:44 2019	(r347435)
+++ stable/11/usr.sbin/bhyve/pci_ahci.c	Fri May 10 16:36:38 2019	(r347436)
@@ -105,7 +105,7 @@ enum sata_fis_type {
  * ATA commands
  */
 #define	ATA_SF_ENAB_SATA_SF		0x10
-#define		ATA_SATA_SF_AN		0x05
+#define	ATA_SATA_SF_AN			0x05
 #define	ATA_SF_DIS_SATA_SF		0x90
 
 /*
@@ -119,6 +119,8 @@ static FILE *dbg;
 #endif
 #define WPRINTF(format, arg...) printf(format, ##arg)
 
+#define AHCI_PORT_IDENT 20 + 1
+
 struct ahci_ioreq {
 	struct blockif_req io_req;
 	struct ahci_port *io_pr;
@@ -136,7 +138,7 @@ struct ahci_port {
 	struct pci_ahci_softc *pr_sc;
 	uint8_t *cmd_lst;
 	uint8_t *rfis;
-	char ident[20 + 1];
+	char ident[AHCI_PORT_IDENT];
 	int port;
 	int atapi;
 	int reset;
@@ -2374,7 +2376,8 @@ pci_ahci_init(struct vmctx *ctx, struct pci_devinst *p
 		MD5Init(&mdctx);
 		MD5Update(&mdctx, opts, strlen(opts));
 		MD5Final(digest, &mdctx);
-		sprintf(sc->port[p].ident, "BHYVE-%02X%02X-%02X%02X-%02X%02X",
+		snprintf(sc->port[p].ident, AHCI_PORT_IDENT,
+		    "BHYVE-%02X%02X-%02X%02X-%02X%02X",
 		    digest[0], digest[1], digest[2], digest[3], digest[4],
 		    digest[5]);
 

Modified: stable/11/usr.sbin/bhyve/pci_virtio_block.c
==============================================================================
--- stable/11/usr.sbin/bhyve/pci_virtio_block.c	Fri May 10 16:32:44 2019	(r347435)
+++ stable/11/usr.sbin/bhyve/pci_virtio_block.c	Fri May 10 16:36:38 2019	(r347436)
@@ -61,7 +61,7 @@ __FBSDID("$FreeBSD$");
 #define VTBLK_S_IOERR	1
 #define	VTBLK_S_UNSUPP	2
 
-#define	VTBLK_BLK_ID_BYTES	20
+#define	VTBLK_BLK_ID_BYTES	20 + 1
 
 /* Capability bits */
 #define	VTBLK_F_SEG_MAX		(1 << 2)	/* Maximum request segments */
@@ -344,7 +344,8 @@ pci_vtblk_init(struct vmctx *ctx, struct pci_devinst *
 	MD5Init(&mdctx);
 	MD5Update(&mdctx, opts, strlen(opts));
 	MD5Final(digest, &mdctx);	
-	sprintf(sc->vbsc_ident, "BHYVE-%02X%02X-%02X%02X-%02X%02X",
+	snprintf(sc->vbsc_ident, VTBLK_BLK_ID_BYTES,
+	    "BHYVE-%02X%02X-%02X%02X-%02X%02X",
 	    digest[0], digest[1], digest[2], digest[3], digest[4], digest[5]);
 
 	/* setup virtio block config space */