svn commit: r300685 - head/sbin/camcontrol
Don Lewis
truckman at FreeBSD.org
Wed May 25 15:43:02 UTC 2016
Author: truckman
Date: Wed May 25 15:43:01 2016
New Revision: 300685
URL: https://svnweb.freebsd.org/changeset/base/300685
Log:
Fix a couple of new instances of a false positive Coverity buffer
overflow defect. Use the new CCB_CLEAR_ALL_EXCEPT_HDR() macro
instead of calling bzero() on the pointer to the header used
as an array and indexed by 1.
Don't leak a buffer after executing "goto restart_report" by
overwriting its pointer with the results of another calloc().
Be sure to clear the buffer before reusing it. (CID 1356042)
Reported by: Coverity
CID: 1356022, 1356034, 1356023, 1356035, 1356042
Reviewed by: ken
Modified:
head/sbin/camcontrol/epc.c
head/sbin/camcontrol/zone.c
Modified: head/sbin/camcontrol/epc.c
==============================================================================
--- head/sbin/camcontrol/epc.c Wed May 25 15:42:39 2016 (r300684)
+++ head/sbin/camcontrol/epc.c Wed May 25 15:43:01 2016 (r300685)
@@ -633,8 +633,7 @@ epc(struct cam_device *device, int argc,
goto bailout;
}
- bzero(&(&ccb->ccb_h)[1],
- sizeof(union ccb) - sizeof(struct ccb_hdr));
+ CCB_CLEAR_ALL_EXCEPT_HDR(ccb);
while ((c = getopt(argc, argv, combinedopt)) != -1) {
switch (c) {
Modified: head/sbin/camcontrol/zone.c
==============================================================================
--- head/sbin/camcontrol/zone.c Wed May 25 15:42:39 2016 (r300684)
+++ head/sbin/camcontrol/zone.c Wed May 25 15:43:01 2016 (r300685)
@@ -347,8 +347,7 @@ zone(struct cam_device *device, int argc
goto bailout;
}
- bzero(&(&ccb->ccb_h)[1],
- sizeof(union ccb) - sizeof(struct ccb_hdr));
+ CCB_CLEAR_ALL_EXCEPT_HDR(ccb);
while ((c = getopt(argc, argv, combinedopt)) != -1) {
switch (c) {
@@ -484,7 +483,8 @@ restart_report:
sector_count = ZAC_ATA_SECTOR_COUNT(alloc_len);
protocol = AP_PROTO_DMA;
} else {
- cdb_storage = calloc(cdb_storage_len, 1);
+ if (cdb_storage == NULL)
+ cdb_storage = calloc(cdb_storage_len, 1);
if (cdb_storage == NULL)
err(1, "couldn't allocate memory");
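Review bot: The new `if (cdb_storage == NULL)` guard is only correct if cdb_storage is initialised to NULL before the first pass through restart_report and cdb_storage_len has the same value on every pass. Neither is visible in this hunk, because the function body starts and ends outside it. If the length could differ between passes, the reused buffer would be the wrong size for both the CDB build and the later `bzero(cdb_storage, cdb_storage_len)`. I would add a comment above the guard such as `/* Allocated once and reused across restart_report passes; cdb_storage_len must not change. */`. The two consecutive identical tests would also read more clearly nested, with the `err()` check inside the allocation branch.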
@@ -662,6 +662,8 @@ restart_report:
if (zp_status == ZONE_PRINT_MORE_DATA) {
bzero(ccb, sizeof(*ccb));
first_pass = 0;
+ if (cdb_storage != NULL)
+ bzero(cdb_storage, cdb_storage_len);
goto restart_report;
} else if (zp_status == ZONE_PRINT_ERROR)
error = 1;
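Review bot: The buffer is cleared here at the jump site, not where it is reused, so a reused cdb_storage is free of bytes from the previous command only if every path to restart_report performs this clear. Only this one `goto restart_report` is visible in the hunk, so it may be the only path today, but a later one would silently reuse stale CDB contents. Clearing at the reuse point in the hunk at -484 would keep allocation and clearing together, e.g. `else bzero(cdb_storage, cdb_storage_len);` directly after the guarded calloc().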