svn commit: r306099 - head/usr.sbin/bhyve

[Ed Schouten]

Author: ed
Date: Wed Sep 21 13:02:43 2016
New Revision: 306099
URL: https://svnweb.freebsd.org/changeset/base/306099

Log:
  Fix misuse of the basename() and dirname() functions.
  
  These functions are allowed to overwrite their input. Pull a copy of the
  input parameter and call dirname() and basename() on that instead. Do
  ensure that we reload the pathname value between calls.

Modified:
  head/usr.sbin/bhyve/pci_virtio_console.c

Modified: head/usr.sbin/bhyve/pci_virtio_console.c
==============================================================================
--- head/usr.sbin/bhyve/pci_virtio_console.c	Wed Sep 21 11:59:52 2016	(r306098)
+++ head/usr.sbin/bhyve/pci_virtio_console.c	Wed Sep 21 13:02:43 2016	(r306099)
@@ -264,6 +264,7 @@ pci_vtcon_sock_add(struct pci_vtcon_soft
 {
 	struct pci_vtcon_sock *sock;
 	struct sockaddr_un sun;
+	char *pathcopy;
 	int s = -1, fd = -1, error = 0;
 
 	sock = calloc(1, sizeof(struct pci_vtcon_sock));
@@ -278,15 +279,24 @@ pci_vtcon_sock_add(struct pci_vtcon_soft
 		goto out;
 	}
 
-	fd = open(dirname(path), O_RDONLY | O_DIRECTORY);
+	pathcopy = strdup(path);
+	if (pathcopy == NULL) {
+		error = -1;
+		goto out;
+	}
+
+	fd = open(dirname(pathcopy), O_RDONLY | O_DIRECTORY);
 	if (fd < 0) {
+		free(pathcopy);
 		error = -1;
 		goto out;
 	}
 
 	sun.sun_family = AF_UNIX;
 	sun.sun_len = sizeof(struct sockaddr_un);
-	strncpy(sun.sun_path, basename((char *)path), sizeof(sun.sun_path));
+	strcpy(pathcopy, path);
+	strncpy(sun.sun_path, basename(pathcopy), sizeof(sun.sun_path));
+	free(pathcopy);
 
 	if (bindat(fd, s, (struct sockaddr *)&sun, sun.sun_len) < 0) {
 		error = -1;