diff --git a/sbin/ggate/ggatec/ggatec.c b/sbin/ggate/ggatec/ggatec.c --- a/sbin/ggate/ggatec/ggatec.c +++ b/sbin/ggate/ggatec/ggatec.c @@ -145,7 +145,21 @@ case BIO_WRITE: hdr.gh_cmd = GGATE_CMD_WRITE; break; + default: + g_gate_log(LOG_NOTICE, "Unknown gctl_cmd: %i", ggio.gctl_cmd); + ggio.gctl_error = EOPNOTSUPP; + g_gate_ioctl(G_GATE_CMD_DONE, &ggio); + continue; + } + + /* Don't send requests for more data than we can handle the response for! */ + if (ggio.gctl_length > MAXPHYS) { + g_gate_log(LOG_ERR, "Request too big: %zd", ggio.gctl_length); + ggio.gctl_error = EOPNOTSUPP; + g_gate_ioctl(G_GATE_CMD_DONE, &ggio); + continue; } + hdr.gh_seq = ggio.gctl_seq; hdr.gh_offset = ggio.gctl_offset; hdr.gh_length = ggio.gctl_length; @@ -219,6 +233,12 @@ ggio.gctl_length = hdr.gh_length; ggio.gctl_error = hdr.gh_error; + /* Do not overflow our buffer if there is a bogus response. */ + if (ggio.gctl_length > (off_t) sizeof(buf)) { + g_gate_log(LOG_ERR, "Received too big response: %zd", ggio.gctl_length); + break; + } + if (ggio.gctl_error == 0 && ggio.gctl_cmd == GGATE_CMD_READ) { data = g_gate_recv(recvfd, ggio.gctl_data, ggio.gctl_length, MSG_WAITALL); diff --git a/tests/sys/geom/class/gate/ggate_test.sh b/tests/sys/geom/class/gate/ggate_test.sh --- a/tests/sys/geom/class/gate/ggate_test.sh +++ b/tests/sys/geom/class/gate/ggate_test.sh @@ -5,6 +5,39 @@ PORT=33080 CONF=gg.exports +atf_test_case ggatec_trim cleanup +ggatec_trim_head() +{ + atf_set "descr" "ggatec survives a trim" + atf_set "require.progs" "ggatec" + atf_set "require.user" "root" + atf_set "timeout" 60 +} + +ggatec_trim_body() +{ + load_ggate + + us=$(alloc_ggate_dev) + work=$(alloc_md) + atf_check -e ignore -o ignore dd if=/dev/random of=/dev/$work bs=1m count=1 conv=notrunc + echo $CONF >> $PLAINFILES + echo "localhost RW /dev/$work" > $CONF + atf_check ggated -p $PORT -F $PIDFILE $CONF + atf_check ggatec create -p $PORT -u $us localhost /dev/$work + ggate_dev=/dev/ggate${us} + wait_for_ggate_device ${ggate_dev} + + # ggatec only supports read or write. + atf_check -s not-exit:0 -e ignore -o ignore trim -q -f ${ggate_dev} +} + +ggatec_trim_cleanup() +{ + common_cleanup +} + + atf_test_case ggated cleanup ggated_head() { @@ -128,6 +161,7 @@ atf_add_test_case ggated atf_add_test_case ggatel_file atf_add_test_case ggatel_md + atf_add_test_case ggatec_trim } alloc_ggate_dev()