Page MenuHomeFreeBSD
Files F136535560

D16026.id.diff
No OneTemporary
Actions

D16026.id.diff
View Options

Index: sys/dev/pccard/pccard.c
===================================================================
--- sys/dev/pccard/pccard.c
+++ sys/dev/pccard/pccard.c
@@ -40,6 +40,7 @@
#include <sys/module.h>
#include <sys/kernel.h>
#include <sys/queue.h>
+#include <sys/sbuf.h>
#include <sys/sysctl.h>
#include <sys/types.h>
@@ -1036,13 +1037,18 @@
struct pccard_ivar *devi = PCCARD_IVAR(child);
struct pccard_function *pf = devi->pf;
struct pccard_softc *sc = PCCARD_SOFTC(bus);
- char cis0[128], cis1[128];
+ struct sbuf sb;
+
+ sbuf_new(&sb, buf, buflen, SBUF_FIXEDLEN | SBUF_INCLUDENUL);
+ sbuf_printf(&sb, "manufacturer=0x%04x product=0x%04x "
+ "cisvendor=\"", sc->card.manufacturer, sc->card.product);
+ devctl_safe_quote_sb(&sb, sc->card.cis1_info[0]);
+ sbuf_printf(&sb, "\" cisproduct=\"");
+ devctl_safe_quote_sb(&sb, sc->card.cis1_info[1]);
+ sbuf_printf(&sb, "\" function_type=%d", pf->function);
+ sbuf_finish(&sb);
+ sbuf_delete(&sb);
- devctl_safe_quote(cis0, sc->card.cis1_info[0], sizeof(cis0));
- devctl_safe_quote(cis1, sc->card.cis1_info[1], sizeof(cis1));
- snprintf(buf, buflen, "manufacturer=0x%04x product=0x%04x "
- "cisvendor=\"%s\" cisproduct=\"%s\" function_type=%d",
- sc->card.manufacturer, sc->card.product, cis0, cis1, pf->function);
return (0);
}
Index: sys/kern/kern_sig.c
===================================================================
--- sys/kern/kern_sig.c
+++ sys/kern/kern_sig.c
@@ -3431,24 +3431,6 @@
return (0);
}
-static int
-coredump_sanitise_path(const char *path)
-{
- size_t i;
-
- /*
- * Only send a subset of ASCII to devd(8) because it
- * might pass these strings to sh -c.
- */
- for (i = 0; path[i]; i++)
- if (!(isalpha(path[i]) || isdigit(path[i])) &&
- path[i] != '/' && path[i] != '.' &&
- path[i] != '-')
- return (0);
-
- return (1);
-}
-
/*
* Dump a process' core. The main routine does some
* policy checking, and creates the name of the coredump;
@@ -3469,11 +3451,8 @@
char *name; /* name of corefile */
void *rl_cookie;
off_t limit;
- char *data = NULL;
char *fullpath, *freepath = NULL;
- size_t len;
- static const char comm_name[] = "comm=";
- static const char core_name[] = "core=";
+ struct sbuf *sb;
PROC_LOCK_ASSERT(p, MA_OWNED);
MPASS((p->p_flag & P_HADTHREADS) == 0 || p->p_singlethread == td);
@@ -3556,23 +3535,35 @@
*/
if (error != 0 || coredump_devctl == 0)
goto out;
- len = MAXPATHLEN * 2 + sizeof(comm_name) - 1 +
- sizeof(' ') + sizeof(core_name) - 1;
- data = malloc(len, M_TEMP, M_WAITOK);
+ sb = sbuf_new_auto();
if (vn_fullpath_global(td, p->p_textvp, &fullpath, &freepath) != 0)
- goto out;
- if (!coredump_sanitise_path(fullpath))
- goto out;
- snprintf(data, len, "%s%s ", comm_name, fullpath);
+ goto out2;
+ sbuf_printf(sb, "comm=\"");
+ devctl_safe_quote_sb(sb, fullpath);
free(freepath, M_TEMP);
- freepath = NULL;
- if (vn_fullpath_global(td, vp, &fullpath, &freepath) != 0)
- goto out;
- if (!coredump_sanitise_path(fullpath))
- goto out;
- strlcat(data, core_name, len);
- strlcat(data, fullpath, len);
- devctl_notify("kernel", "signal", "coredump", data);
+ sbuf_printf(sb, "\" core=\"");
+
+ /*
+ * We can't lookup core file vp directly. When we're replacing a core, and
+ * other random times, we flush the name cache, so it will fail. Instead,
+ * if the path of the core is relative, add the current dir in front if it.
+ */
+ if (name[0] != '/') {
+ fullpath = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
+ if (kern___getcwd(td, fullpath, UIO_SYSSPACE, MAXPATHLEN, MAXPATHLEN) != 0) {
+ free(fullpath, M_TEMP);
+ goto out2;
+ }
+ devctl_safe_quote_sb(sb, fullpath);
+ free(fullpath, M_TEMP);
+ sbuf_putc(sb, '/');
+ }
+ devctl_safe_quote_sb(sb, name);
+ sbuf_printf(sb, "\"");
+ if (sbuf_finish(sb) == 0)
+ devctl_notify("kernel", "signal", "coredump", sbuf_data(sb));
+out2:
+ sbuf_delete(sb);
out:
error1 = vn_close(vp, FWRITE, cred, td);
if (error == 0)
@@ -3580,8 +3571,6 @@
#ifdef AUDIT
audit_proc_coredump(td, name, error);
#endif
- free(freepath, M_TEMP);
- free(data, M_TEMP);
free(name, M_TEMP);
return (error);
}
Index: sys/kern/subr_bus.c
===================================================================
--- sys/kern/subr_bus.c
+++ sys/kern/subr_bus.c
@@ -51,6 +51,7 @@
#include <machine/bus.h>
#include <sys/random.h>
#include <sys/rman.h>
+#include <sys/sbuf.h>
#include <sys/selinfo.h>
#include <sys/signalvar.h>
#include <sys/smp.h>
@@ -859,27 +860,18 @@
* Strings are always terminated with a NUL, but may be truncated if longer
* than @p len bytes after quotes.
*
- * @param dst Buffer to hold the string. Must be at least @p len bytes long
+ * @param sb sbuf to place the characters into
* @param src Original buffer.
- * @param len Length of buffer pointed to by @dst, including trailing NUL
*/
void
-devctl_safe_quote(char *dst, const char *src, size_t len)
+devctl_safe_quote_sb(struct sbuf *sb, const char *src)
{
- char *walker = dst, *ep = dst + len - 1;
- if (len == 0)
- return;
- while (src != NULL && walker < ep)
- {
- if (*src == '"' || *src == '\\') {
- if (ep - walker < 2)
- break;
- *walker++ = '\\';
- }
- *walker++ = *src++;
+ while (*src != '\0') {
+ if (*src == '"' || *src == '\\')
+ sbuf_putc(sb, '\\');
+ sbuf_putc(sb, *src++);
}
- *walker = '\0';
}
/* End of /dev/devctl code */
Index: sys/sys/bus.h
===================================================================
--- sys/sys/bus.h
+++ sys/sys/bus.h
@@ -156,7 +156,8 @@
const char *__type, const char *__data);
void devctl_queue_data_f(char *__data, int __flags);
void devctl_queue_data(char *__data);
-void devctl_safe_quote(char *__dst, const char *__src, size_t len);
+struct sbuf;
+void devctl_safe_quote_sb(struct sbuf *__sb, const char *__src);
/**
* Device name parsers. Hook to allow device enumerators to map

File Metadata

Mime Type
text/plain
Expires
Wed, Nov 19, 5:20 AM (4 h, 44 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
25515050
Default Alt Text
D16026.id.diff (5 KB)

Event Timeline