svn commit: r199649 - stable/8/sys/kern
Attilio Rao
attilio at FreeBSD.org
Sun Nov 22 15:53:41 UTC 2009
Author: attilio
Date: Sun Nov 22 15:53:39 2009
New Revision: 199649
URL: http://svn.freebsd.org/changeset/base/199649
Log:
MFC r199209:
Fix a potential buffer boundaries overflow in devclass_add_device() by
using all available int lenghts digits for storing the information.
Sponsored by: Sandvine Incorporated
Modified:
stable/8/sys/kern/subr_bus.c
Directory Properties:
stable/8/sys/ (props changed)
stable/8/sys/amd64/include/xen/ (props changed)
stable/8/sys/cddl/contrib/opensolaris/ (props changed)
stable/8/sys/contrib/dev/acpica/ (props changed)
stable/8/sys/contrib/pf/ (props changed)
stable/8/sys/dev/xen/xenpci/ (props changed)
Modified: stable/8/sys/kern/subr_bus.c
==============================================================================
--- stable/8/sys/kern/subr_bus.c Sun Nov 22 14:32:32 2009 (r199648)
+++ stable/8/sys/kern/subr_bus.c Sun Nov 22 15:53:39 2009 (r199649)
@@ -35,6 +35,7 @@ __FBSDID("$FreeBSD$");
#include <sys/lock.h>
#include <sys/kernel.h>
#include <sys/kobj.h>
+#include <sys/limits.h>
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/mutex.h>
@@ -1584,7 +1585,7 @@ devclass_add_device(devclass_t dc, devic
PDEBUG(("%s in devclass %s", DEVICENAME(dev), DEVCLANAME(dc)));
- buflen = snprintf(NULL, 0, "%s%d$", dc->name, dev->unit);
+ buflen = snprintf(NULL, 0, "%s%d$", dc->name, INT_MAX);
if (buflen < 0)
return (ENOMEM);
dev->nameunit = malloc(buflen, M_BUS, M_NOWAIT|M_ZERO);
More information about the svn-src-stable-8
mailing list