diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -4729,23 +4729,43 @@ prison_add_allow(const char *prefix, const char *name, const char *prefix_descr, const char *descr) { + static const char fmt_allow_prefix_name[] = "allow.%s.%s"; + static const char fmt_allow_prefix_noname[] = "allow.%s.no%s"; + static const char fmt_allow_name[] = "allow.%s"; + static const char fmt_allow_noname[] = "allow.no%s"; + static const char fmt_prefix_name_allowed[] = "%s_%s_allowed"; + static const char fmt_name_allowed[] = "%s_allowed"; struct bool_flags *bf; struct sysctl_oid *parent; char *allow_name, *allow_noname, *allowed; #ifndef NO_SYSCTL_DESCR + static const char fmt_descr_deprecated[] = "%s (deprecated)"; char *descr_deprecated; + size_t descr_len; #endif + size_t name_len; u_int allow_flag; - if (prefix - ? asprintf(&allow_name, M_PRISON, "allow.%s.%s", prefix, name) - < 0 || - asprintf(&allow_noname, M_PRISON, "allow.%s.no%s", prefix, name) - < 0 - : asprintf(&allow_name, M_PRISON, "allow.%s", name) < 0 || - asprintf(&allow_noname, M_PRISON, "allow.no%s", name) < 0) { - free(allow_name, M_PRISON); - return 0; + if (prefix) { + name_len = strlen(prefix) + strlen(name); + allow_name = malloc(sizeof(fmt_allow_prefix_name) + name_len, + M_PRISON, M_WAITOK); + (void)snprintf(allow_name, sizeof(fmt_allow_prefix_name) + + name_len, fmt_allow_prefix_name, prefix, name); + allow_noname = malloc(sizeof(fmt_allow_prefix_noname) + + name_len, M_PRISON, M_WAITOK); + (void)snprintf(allow_noname, sizeof(fmt_allow_prefix_noname) + + name_len, fmt_allow_prefix_noname, prefix, name); + } else { + name_len = strlen(name); + allow_name = malloc(sizeof(fmt_allow_name) + name_len, + M_PRISON, M_WAITOK); + (void)snprintf(allow_name, sizeof(fmt_allow_name) + name_len, + fmt_allow_name, name); + allow_noname = malloc(sizeof(fmt_allow_noname) + name_len, + M_PRISON, M_WAITOK); + (void)snprintf(allow_noname, sizeof(fmt_allow_noname) + + name_len, fmt_allow_noname, name); } /* @@ -4809,22 +4829,35 @@ (void)SYSCTL_ADD_PROC(NULL, SYSCTL_CHILDREN(parent), OID_AUTO, name, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, 0, sysctl_jail_param, "B", descr); - if ((prefix - ? asprintf(&allowed, M_TEMP, "%s_%s_allowed", prefix, name) - : asprintf(&allowed, M_TEMP, "%s_allowed", name)) >= 0) { -#ifndef NO_SYSCTL_DESCR - (void)asprintf(&descr_deprecated, M_TEMP, "%s (deprecated)", - descr); -#endif - (void)SYSCTL_ADD_PROC(NULL, - SYSCTL_CHILDREN(&sysctl___security_jail), OID_AUTO, allowed, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, allow_flag, - sysctl_jail_default_allow, "I", descr_deprecated); -#ifndef NO_SYSCTL_DESCR - free(descr_deprecated, M_TEMP); -#endif - free(allowed, M_TEMP); + if (prefix) { + allowed = malloc(sizeof(fmt_prefix_name_allowed) + name_len, + M_TEMP, M_WAITOK); + (void)snprintf(allowed, sizeof(fmt_prefix_name_allowed) + + name_len, fmt_prefix_name_allowed, prefix, name); + } else { + allowed = malloc(sizeof(fmt_name_allowed) + name_len, + M_TEMP, M_WAITOK); + (void)snprintf(allowed, sizeof(fmt_name_allowed) + name_len, + fmt_name_allowed, name); } +#ifdef NO_SYSCTL_DESCR + (void)SYSCTL_ADD_PROC(NULL, + SYSCTL_CHILDREN(&sysctl___security_jail), OID_AUTO, allowed, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, allow_flag, + sysctl_jail_default_allow, "I", descr); +#else + descr_len = strlen(descr); + descr_deprecated = malloc(sizeof(fmt_descr_deprecated) + descr_len, + M_TEMP, M_WAITOK); + (void)snprintf(descr_deprecated, sizeof(fmt_descr_deprecated) + + descr_len, fmt_descr_deprecated, descr); + (void)SYSCTL_ADD_PROC(NULL, + SYSCTL_CHILDREN(&sysctl___security_jail), OID_AUTO, allowed, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, allow_flag, + sysctl_jail_default_allow, "I", descr_deprecated); + free(descr_deprecated, M_TEMP); +#endif + free(allowed, M_TEMP); return allow_flag; no_add: