svn commit: r273693 - head/sys/cam/ctl

Alexander Motin mav at FreeBSD.org
Sun Oct 26 15:28:09 UTC 2014 

Author: mav
Date: Sun Oct 26 15:28:07 2014
New Revision: 273693
URL: https://svnweb.freebsd.org/changeset/base/273693

Log:
  Fix printing non-terminated strings in devlist XML.
  
  MFC after:	1 week

Modified:
  head/sys/cam/ctl/ctl.c
  head/sys/cam/ctl/ctl.h

Modified: head/sys/cam/ctl/ctl.c
==============================================================================
--- head/sys/cam/ctl/ctl.c	Sun Oct 26 14:43:02 2014	(r273692)
+++ head/sys/cam/ctl/ctl.c	Sun Oct 26 15:28:07 2014	(r273693)
@@ -2200,13 +2200,14 @@ ctl_copyout_args(int num_args, struct ct
  * Escape characters that are illegal or not recommended in XML.
  */
 int
-ctl_sbuf_printf_esc(struct sbuf *sb, char *str)
+ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
 {
+	char *end = str + size;
 	int retval;
 
 	retval = 0;
 
-	for (; *str; str++) {
+	for (; *str && str < end; str++) {
 		switch (*str) {
 		case '&':
 			retval = sbuf_printf(sb, "&");
@@ -3198,7 +3199,8 @@ ctl_ioctl(struct cdev *dev, u_long cmd, 
 				break;
 
 			retval = ctl_sbuf_printf_esc(sb,
-						     lun->be_lun->serial_num);
+			    lun->be_lun->serial_num,
+			    sizeof(lun->be_lun->serial_num));
 
 			if (retval != 0)
 				break;
@@ -3213,7 +3215,9 @@ ctl_ioctl(struct cdev *dev, u_long cmd, 
 			if (retval != 0)
 				break;
 
-			retval = ctl_sbuf_printf_esc(sb,lun->be_lun->device_id);
+			retval = ctl_sbuf_printf_esc(sb,
+			    lun->be_lun->device_id,
+			    sizeof(lun->be_lun->device_id));
 
 			if (retval != 0)
 				break;

Modified: head/sys/cam/ctl/ctl.h
==============================================================================
--- head/sys/cam/ctl/ctl.h	Sun Oct 26 14:43:02 2014	(r273692)
+++ head/sys/cam/ctl/ctl.h	Sun Oct 26 15:28:07 2014	(r273693)
@@ -156,7 +156,7 @@ int ctl_port_list(struct ctl_port_entry 
  * Put a string into an sbuf, escaping characters that are illegal or not
  * recommended in XML.  Note this doesn't escape everything, just > < and &.
  */
-int ctl_sbuf_printf_esc(struct sbuf *sb, char *str);
+int ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size);
 
 int ctl_ffz(uint32_t *mask, uint32_t size);
 int ctl_set_mask(uint32_t *mask, uint32_t bit);

More information about the svn-src-head mailing list