Index: sys/dev/pccard/pccard.c =================================================================== --- sys/dev/pccard/pccard.c +++ sys/dev/pccard/pccard.c @@ -40,6 +40,7 @@ #include #include #include +#include #include #include @@ -1036,13 +1037,18 @@ struct pccard_ivar *devi = PCCARD_IVAR(child); struct pccard_function *pf = devi->pf; struct pccard_softc *sc = PCCARD_SOFTC(bus); - char cis0[128], cis1[128]; + struct sbuf sb; + + sbuf_new(&sb, buf, buflen, SBUF_FIXEDLEN | SBUF_INCLUDENUL); + sbuf_printf(&sb, "manufacturer=0x%04x product=0x%04x " + "cisvendor=\"", sc->card.manufacturer, sc->card.product); + devctl_safe_quote_sb(&sb, sc->card.cis1_info[0]); + sbuf_printf(&sb, "\" cisproduct=\""); + devctl_safe_quote_sb(&sb, sc->card.cis1_info[1]); + sbuf_printf(&sb, "\" function_type=%d", pf->function); + sbuf_finish(&sb); + sbuf_delete(&sb); - devctl_safe_quote(cis0, sc->card.cis1_info[0], sizeof(cis0)); - devctl_safe_quote(cis1, sc->card.cis1_info[1], sizeof(cis1)); - snprintf(buf, buflen, "manufacturer=0x%04x product=0x%04x " - "cisvendor=\"%s\" cisproduct=\"%s\" function_type=%d", - sc->card.manufacturer, sc->card.product, cis0, cis1, pf->function); return (0); } Index: sys/kern/kern_sig.c =================================================================== --- sys/kern/kern_sig.c +++ sys/kern/kern_sig.c @@ -3431,24 +3431,6 @@ return (0); } -static int -coredump_sanitise_path(const char *path) -{ - size_t i; - - /* - * Only send a subset of ASCII to devd(8) because it - * might pass these strings to sh -c. - */ - for (i = 0; path[i]; i++) - if (!(isalpha(path[i]) || isdigit(path[i])) && - path[i] != '/' && path[i] != '.' && - path[i] != '-') - return (0); - - return (1); -} - /* * Dump a process' core. The main routine does some * policy checking, and creates the name of the coredump; @@ -3469,11 +3451,8 @@ char *name; /* name of corefile */ void *rl_cookie; off_t limit; - char *data = NULL; char *fullpath, *freepath = NULL; - size_t len; - static const char comm_name[] = "comm="; - static const char core_name[] = "core="; + struct sbuf *sb; PROC_LOCK_ASSERT(p, MA_OWNED); MPASS((p->p_flag & P_HADTHREADS) == 0 || p->p_singlethread == td); @@ -3556,23 +3535,35 @@ */ if (error != 0 || coredump_devctl == 0) goto out; - len = MAXPATHLEN * 2 + sizeof(comm_name) - 1 + - sizeof(' ') + sizeof(core_name) - 1; - data = malloc(len, M_TEMP, M_WAITOK); + sb = sbuf_new_auto(); if (vn_fullpath_global(td, p->p_textvp, &fullpath, &freepath) != 0) - goto out; - if (!coredump_sanitise_path(fullpath)) - goto out; - snprintf(data, len, "%s%s ", comm_name, fullpath); + goto out2; + sbuf_printf(sb, "comm=\""); + devctl_safe_quote_sb(sb, fullpath); free(freepath, M_TEMP); - freepath = NULL; - if (vn_fullpath_global(td, vp, &fullpath, &freepath) != 0) - goto out; - if (!coredump_sanitise_path(fullpath)) - goto out; - strlcat(data, core_name, len); - strlcat(data, fullpath, len); - devctl_notify("kernel", "signal", "coredump", data); + sbuf_printf(sb, "\" core=\""); + + /* + * We can't lookup core file vp directly. When we're replacing a core, and + * other random times, we flush the name cache, so it will fail. Instead, + * if the path of the core is relative, add the current dir in front if it. + */ + if (name[0] != '/') { + fullpath = malloc(MAXPATHLEN, M_TEMP, M_WAITOK); + if (kern___getcwd(td, fullpath, UIO_SYSSPACE, MAXPATHLEN, MAXPATHLEN) != 0) { + free(fullpath, M_TEMP); + goto out2; + } + devctl_safe_quote_sb(sb, fullpath); + free(fullpath, M_TEMP); + sbuf_putc(sb, '/'); + } + devctl_safe_quote_sb(sb, name); + sbuf_printf(sb, "\""); + if (sbuf_finish(sb) == 0) + devctl_notify("kernel", "signal", "coredump", sbuf_data(sb)); +out2: + sbuf_delete(sb); out: error1 = vn_close(vp, FWRITE, cred, td); if (error == 0) @@ -3580,8 +3571,6 @@ #ifdef AUDIT audit_proc_coredump(td, name, error); #endif - free(freepath, M_TEMP); - free(data, M_TEMP); free(name, M_TEMP); return (error); } Index: sys/kern/subr_bus.c =================================================================== --- sys/kern/subr_bus.c +++ sys/kern/subr_bus.c @@ -51,6 +51,7 @@ #include #include #include +#include #include #include #include @@ -859,27 +860,18 @@ * Strings are always terminated with a NUL, but may be truncated if longer * than @p len bytes after quotes. * - * @param dst Buffer to hold the string. Must be at least @p len bytes long + * @param sb sbuf to place the characters into * @param src Original buffer. - * @param len Length of buffer pointed to by @dst, including trailing NUL */ void -devctl_safe_quote(char *dst, const char *src, size_t len) +devctl_safe_quote_sb(struct sbuf *sb, const char *src) { - char *walker = dst, *ep = dst + len - 1; - if (len == 0) - return; - while (src != NULL && walker < ep) - { - if (*src == '"' || *src == '\\') { - if (ep - walker < 2) - break; - *walker++ = '\\'; - } - *walker++ = *src++; + while (*src != '\0') { + if (*src == '"' || *src == '\\') + sbuf_putc(sb, '\\'); + sbuf_putc(sb, *src++); } - *walker = '\0'; } /* End of /dev/devctl code */ Index: sys/sys/bus.h =================================================================== --- sys/sys/bus.h +++ sys/sys/bus.h @@ -156,7 +156,8 @@ const char *__type, const char *__data); void devctl_queue_data_f(char *__data, int __flags); void devctl_queue_data(char *__data); -void devctl_safe_quote(char *__dst, const char *__src, size_t len); +struct sbuf; +void devctl_safe_quote_sb(struct sbuf *__sb, const char *__src); /** * Device name parsers. Hook to allow device enumerators to map