Page MenuHomeFreeBSD
Differential D19122

mdmfs: Fix many bugs in automatic md(4) creation.
ClosedPublic
Actions

Authored by brooks on Feb 8 2019, 6:13 PM.
Tags
None
Referenced Files
Unknown Object (File)
Oct 3 2024, 7:12 PM
Unknown Object (File)
Oct 1 2024, 4:36 PM
Unknown Object (File)
Oct 1 2024, 4:03 PM
Unknown Object (File)
Sep 27 2024, 7:40 PM
Unknown Object (File)
Sep 25 2024, 6:41 AM
Unknown Object (File)
Sep 21 2024, 8:33 AM
Unknown Object (File)
Sep 21 2024, 12:55 AM
Unknown Object (File)
Sep 19 2024, 6:29 AM
View All 62 Files
Subscribers
imp

Details

Reviewers
markj
emaste
jhb
kib
Commits
rS344263: MFC r344023:
rS344262: MFC r344023:
rS344023: mdmfs: Fix many bugs in automatic md(4) creation.
Summary

This code allocated a correctly sized buffer, read past the end of the
source buffer, writing off the end of the target buffer, and then writing
a '\0' terminator past the end of the target buffer (in the wrong place).
It then leaked the buffer.

Switch to a statically sized buffer on the stack and update the source pointer and
length before use so the correct things are copied.

Fix a logic error in the checks that the format of the line is as
expected and move on out of an assert.

Remove an unneeded close(). fclose() closes the descriptor.

Found with: CheriABI
Obtained from: CheriBSD

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

brooks created this revision.Feb 8 2019, 6:13 PM
Harbormaster completed remote builds in B22394: Diff 53694.Feb 8 2019, 6:13 PM
markj added inline comments.Feb 8 2019, 9:55 PM
sbin/mdmfs/mdmfs.c
484 ↗(On Diff #53694)

What if the line is just "md\n", i.e., there's no unit number? I think the second clause won't catch that case because linelen includes the newline character. That is, it looks like that should be linelen <= mdnamelen + 1.

brooks updated this revision to Diff 53713.Feb 8 2019, 10:06 PM
  • Make sure there's at least space for one digit of a unit number.
Harbormaster completed remote builds in B22403: Diff 53713.Feb 8 2019, 10:06 PM
brooks marked an inline comment as done.Feb 8 2019, 10:06 PM
jhb added a comment.Feb 9 2019, 12:19 AM

It's probably fine, but I wonder if it wouldn't be more readable to just use getline() instead. I think you'd end up with something like:

char *linebuf;
size_t linecap;
...
sfd = fdopen(...);
linebuf = NULL;
linecap = 0;
if (getline(&linebuf, &linecap, sfd) < mdnamelen ||
    strncmp(linebuf, mdname, mdnamelen) != 0)
        errx(1, "unexpected output from mdconfig (attach)");
ul = strtoul(linebuf + mdnamelen, &p, 10);
...
fclose(sfd);
free(linebuf);
sbin/mdmfs/mdmfs.c
490 ↗(On Diff #53713)

This assertion is now pointless.

500 ↗(On Diff #53713)

This close() is wrong, but harmless. fdopen() "takes" the fd and so fclose() already closes it.

kib added a comment.Feb 9 2019, 3:27 AM

The buffer is not statically allocated, it is statically sized (in the revision summary).

brooks edited the summary of this revision. (Show Details)Feb 11 2019, 7:02 PM
brooks edited the summary of this revision. (Show Details)
brooks updated this revision to Diff 53800.Feb 11 2019, 7:05 PM
  • Remove obsolete and always true assert.
  • Remove pointless close(). fclose() closes the descriptor.
Harbormaster completed remote builds in B22442: Diff 53800.Feb 11 2019, 7:05 PM
brooks marked 2 inline comments as done.Feb 11 2019, 7:05 PM
jhb accepted this revision.Feb 11 2019, 8:14 PM
This revision is now accepted and ready to land.Feb 11 2019, 8:14 PM
markj accepted this revision.Feb 11 2019, 8:48 PM
Closed by commit rS344023: mdmfs: Fix many bugs in automatic md(4) creation. (authored by brooks). · Explain WhyFeb 11 2019, 9:31 PM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: imp. · View Herald TranscriptFeb 11 2019, 9:31 PM

Revision Contents
Changeset List

PathSize
head/
sbin/
mdmfs/
17 lines

Diff 53804

View Options

head/sbin/mdmfs/mdmfs.c

Loading...