D56171.diff

diff --git a/sys/dev/vmm/vmm_dev.c b/sys/dev/vmm/vmm_dev.c
--- a/sys/dev/vmm/vmm_dev.c
+++ b/sys/dev/vmm/vmm_dev.c
@@ -271,7 +271,10 @@
}
KASSERT(dsc != NULL, ("%s: devmem segment %d not found",
__func__, mseg->segid));
- error = copystr(dsc->name, mseg->name, len, NULL);
+ if (strlcpy(mseg->name, dsc->name, len) >= len)
+ error = ENAMETOOLONG;
+ else
+ error = 0;
} else {
bzero(mseg->name, len);
}
@@ -298,7 +301,10 @@
if (VM_MEMSEG_NAME(mseg)) {
sysmem = false;
name = malloc(len, M_VMMDEV, M_WAITOK);
- error = copystr(mseg->name, name, len, NULL);
+ if (strlcpy(name, mseg->name, len) >= len)
+ error = ENAMETOOLONG;
+ else
+ error = 0;
if (error)
goto done;
}
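Review bot: strlcpy() returns the full length of its source, so `strlcpy(name, mseg->name, len)` keeps reading mseg->name until it finds a NUL, whatever len is. If mseg is an ioctl argument whose name field is not guaranteed to be terminated (the hunk does not show where mseg and len come from), that scan can run past the field. Checking first with `if (strnlen(mseg->name, len) >= len) error = ENAMETOOLONG;` and copying only otherwise would bound the read. The removed copystr macro was built on strlcpy too, so this is inherited rather than introduced here; the enclosing function starts and ends outside the hunk.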
diff --git a/sys/kern/imgact_shell.c b/sys/kern/imgact_shell.c
--- a/sys/kern/imgact_shell.c
+++ b/sys/kern/imgact_shell.c
@@ -231,8 +231,11 @@
* use and copy the interpreter's name to imgp->interpreter_name
* for exec to use.
*/
- error = copystr(fname, imgp->args->begin_argv + offset,
- imgp->args->stringspace, NULL);
+ if (strlcpy(imgp->args->begin_argv + offset, fname,
+ imgp->args->stringspace) >= imgp->args->stringspace)
+ error = ENAMETOOLONG;
+ else
+ error = 0;
if (error == 0)
imgp->interpreter_name = imgp->args->begin_argv;
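Review bot: The copy writes at `imgp->args->begin_argv + offset` but is bounded by `imgp->args->stringspace`, and the hunk does not show whether stringspace has already been reduced by offset at this point. If it has not, the bound is larger than the room left behind the destination. A short comment stating the invariant, or a KASSERT on it ahead of the strlcpy, would make the bound checkable by the next reader. The same bound was passed to copystr before, so this is not a regression; the enclosing function continues outside the hunk.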
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -1577,11 +1577,22 @@
if (fname != NULL) {
args->fname = args->buf;
- error = segflg == UIO_SYSSPACE ?
- copystr(fname, args->fname, PATH_MAX, &length) :
- copyinstr(fname, args->fname, PATH_MAX, &length);
+ if (segflg == UIO_SYSSPACE) {
+ length = strlcpy(args->fname, fname, PATH_MAX);
+ if (length >= PATH_MAX)
+ error = E2BIG;
+ else
+ error = 0;
+ /* include terminating NUL in length */
+ length++;
+ } else {
+ error = copyinstr(fname, args->fname, PATH_MAX,
+ &length);
+ if (error == ENAMETOOLONG)
+ error = E2BIG;
+ }
if (error != 0)
- return (error == ENAMETOOLONG ? E2BIG : error);
+ return (error);
} else
length = 0;
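Review bot: The UIO_SYSSPACE branch added here is repeated line for line in the next kern_exec.c hunk (the `args->endp` copy), differing only in destination and bound. A small static helper would keep the E2BIG mapping and the NUL-inclusive length in one place, and it would leave `length` untouched on failure instead of bumping it to strlen + 1 just before the error return. The helper name below is only a suggestion; both enclosing functions extend outside their hunks.

```c
/* Copy a kernel string into the exec argument buffer; *lenp counts the NUL. */
static int
exec_args_copystr(const char *src, char *dst, size_t space, size_t *lenp)
{
	size_t n;

	n = strlcpy(dst, src, space);
	if (n >= space)
		return (E2BIG);
	*lenp = n + 1;
	return (0);
}

/* … unchanged: fname != NULL check and args->fname assignment … */
	if (segflg == UIO_SYSSPACE) {
		error = exec_args_copystr(fname, args->fname, PATH_MAX,
		    &length);
	} else {
		/* … unchanged: copyinstr call and ENAMETOOLONG -> E2BIG mapping … */
	}
```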
@@ -1607,11 +1618,21 @@
KASSERT(args->endp != NULL, ("endp not initialized"));
KASSERT(args->begin_argv != NULL, ("begin_argp not initialized"));
- error = (segflg == UIO_SYSSPACE) ?
- copystr(str, args->endp, args->stringspace, &length) :
- copyinstr(str, args->endp, args->stringspace, &length);
+ if (segflg == UIO_SYSSPACE) {
+ length = strlcpy(args->endp, str, args->stringspace);
+ if (length >= args->stringspace)
+ error = E2BIG;
+ else
+ error = 0;
+ /* include terminating NUL in length */
+ length++;
+ } else {
+ error = copyinstr(str, args->endp, args->stringspace, &length);
+ if (error == ENAMETOOLONG)
+ error = E2BIG;
+ }
if (error != 0)
- return (error == ENAMETOOLONG ? E2BIG : error);
+ return (error);
args->stringspace -= length;
args->endp += length;
(*countp)++;
diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c
--- a/sys/kern/vfs_lookup.c
+++ b/sys/kern/vfs_lookup.c
@@ -465,8 +465,14 @@
*/
cnp->cn_pnbuf = uma_zalloc(namei_zone, M_WAITOK);
if (ndp->ni_segflg == UIO_SYSSPACE) {
- error = copystr(ndp->ni_dirp, cnp->cn_pnbuf, MAXPATHLEN,
- &ndp->ni_pathlen);
+ ndp->ni_pathlen = strlcpy(cnp->cn_pnbuf, ndp->ni_dirp,
+ MAXPATHLEN);
+ if (ndp->ni_pathlen >= MAXPATHLEN)
+ error = ENAMETOOLONG;
+ else
+ error = 0;
+ /* include terminating NUL in length */
+ ndp->ni_pathlen++;
} else {
error = copyinstr(ndp->ni_dirp, cnp->cn_pnbuf, MAXPATHLEN,
&ndp->ni_pathlen);
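Review bot: On truncation `ndp->ni_pathlen` now ends up as strlen(ni_dirp) + 1, which can exceed MAXPATHLEN, whereas the copystr macro removed in the systm.h hunk clamped the reported length to `len`. The error check sits outside this hunk, so it is worth confirming that nothing reads ni_pathlen on the failure path. If anything does, `ndp->ni_pathlen = MIN(ndp->ni_pathlen + 1, MAXPATHLEN);` in place of the bare increment restores the old value. The kern_exec.c and ufs_extattr.c sites leave their length unclamped too, but both return on error within their hunks.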
diff --git a/sys/sys/param.h b/sys/sys/param.h
--- a/sys/sys/param.h
+++ b/sys/sys/param.h
@@ -74,7 +74,7 @@
* cannot include sys/param.h and should only be updated here.
*/
#undef __FreeBSD_version
-#define __FreeBSD_version 1600014
+#define __FreeBSD_version 1600015
/*
* __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD,
diff --git a/sys/sys/systm.h b/sys/sys/systm.h
--- a/sys/sys/systm.h
+++ b/sys/sys/systm.h
@@ -289,17 +289,6 @@
void *memmove_early(void * _Nonnull dest, const void * _Nonnull src, size_t n);
#define bcopy_early(from, to, len) memmove_early((to), (from), (len))
-#define copystr(src, dst, len, outlen) ({ \
- size_t __r, __len, *__outlen; \
- \
- __len = (len); \
- __outlen = (outlen); \
- __r = strlcpy((dst), (src), __len); \
- if (__outlen != NULL) \
- *__outlen = ((__r >= __len) ? __len : __r + 1); \
- ((__r >= __len) ? ENAMETOOLONG : 0); \
-})
-
int __result_use_check copyinstr(const void * __restrict udaddr,
void * _Nonnull __restrict kaddr, size_t len,
size_t * __restrict lencopied);
diff --git a/sys/ufs/ufs/ufs_extattr.c b/sys/ufs/ufs/ufs_extattr.c
--- a/sys/ufs/ufs/ufs_extattr.c
+++ b/sys/ufs/ufs/ufs_extattr.c
@@ -264,14 +264,19 @@
cnp.cn_cred = td->td_ucred;
cnp.cn_pnbuf = uma_zalloc(namei_zone, M_WAITOK);
cnp.cn_nameptr = cnp.cn_pnbuf;
- error = copystr(dirname, cnp.cn_pnbuf, MAXPATHLEN,
- (size_t *) &cnp.cn_namelen);
+ cnp.cn_namelen = strlcpy(cnp.cn_pnbuf, dirname, MAXPATHLEN);
+ if (cnp.cn_namelen >= MAXPATHLEN)
+ error = ENAMETOOLONG;
+ else
+ error = 0;
+ /* include terminating NUL in length */
+ cnp.cn_namelen++;
if (error) {
if (lockparent == UE_GETDIR_LOCKPARENT_DONT) {
VOP_UNLOCK(start_dvp);
}
uma_zfree(namei_zone, cnp.cn_pnbuf);
- printf("ufs_extattr_lookup: copystr failed\n");
+ printf("ufs_extattr_lookup: strlcpy failed\n");
return (error);
}
cnp.cn_namelen--; /* trim nul termination */
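Review bot: The new `cnp.cn_namelen++` under "include terminating NUL in length" is undone by the existing `cnp.cn_namelen--; /* trim nul termination */` context line after the error block, so both can be dropped and cn_namelen left as the strlcpy() result. The old `(size_t *)` cast suggests cn_namelen is not a size_t (its declaration is not visible here). Holding the strlcpy() result in a size_t local, comparing that against MAXPATHLEN and assigning only on success would avoid any narrowing before the comparison. The message `strlcpy failed` would be clearer as `ufs_extattr_lookup: directory name too long`, since that is the only condition reported.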
