Page MenuHomeFreeBSD
Differential D6360

Fix acpidump CID 1011278 (Buffer not null terminated) and other issues
ClosedPublic
Actions

Authored by truckman on May 13 2016, 11:22 PM.
Tags
None
Referenced Files
F82854823: D6360.diff
Fri, May 3, 5:56 AM
Unknown Object (File)
Fri, Apr 26, 12:58 AM
Unknown Object (File)
Fri, Apr 26, 12:58 AM
Unknown Object (File)
Fri, Apr 26, 12:41 AM
Unknown Object (File)
Fri, Apr 26, 12:41 AM
Unknown Object (File)
Feb 22 2024, 7:56 AM
Unknown Object (File)
Dec 19 2023, 11:44 PM
Unknown Object (File)
Oct 27 2023, 9:01 PM
View All 34 Files
Subscribers
imp
ngie

Details

Reviewers
jkim
Commits
rS301141: MFC r300632
rS300632: Fix acpidump CID 1011278 (Buffer not null terminated) and other issues
Summary

Coverity reports that a buffer used for temporary file
generation might not be NUL terminated by strncpy().
This is probably not true because the input gets passed
through realpath(), but if the path name is sufficiently
long the name could be truncated and cause other problems.
The code for generating the temp file names is also overly
complex. Instead of a bunch of calls to strncpy() and and
strncat(), simplify by using snprintf() and add checks for
for unexpected truncation.

Also, the output file created by iasl -d is predictable,
so use mkdtemp() to create a directory to hold the iasl
input and output files.

Check the return values of more syscalls.

Test Plan

Compile and run

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 3733
Build 3776: arc lint + arc unit

Event Timeline

truckman updated this revision to Diff 16317.May 13 2016, 11:22 PM
truckman retitled this revision from to Fix acpidump CID 1011278 (Buffer not null terminated) and other issues.
truckman updated this object.
truckman edited the test plan for this revision. (Show Details)
Herald added a subscriber: imp. · View Herald TranscriptMay 13 2016, 11:22 PM
truckman added a reviewer: jkim.May 13 2016, 11:36 PM
ngie added a subscriber: ngie.May 14 2016, 1:52 AM
jkim accepted this revision.May 24 2016, 8:43 PM
jkim edited edge metadata.

I haven't looked at it closely but I trust you. :-)

This revision is now accepted and ready to land.May 24 2016, 8:43 PM
Closed by commit rS300632: Fix acpidump CID 1011278 (Buffer not null terminated) and other issues (authored by truckman). · Explain WhyMay 24 2016, 11:37 PM
This revision was automatically updated to reflect the committed changes.
ngie added inline comments.May 25 2016, 5:00 AM
head/usr.sbin/acpi/acpidump/acpi.c
1486 ↗(On Diff #16826)

len-1 -> len - 1 ?

1527–1528 ↗(On Diff #16826)

assert? That's kinda nasty and it can be compiled out... errx might make more sense.

truckman added inline comments.May 25 2016, 5:48 AM
head/usr.sbin/acpi/acpidump/acpi.c
1486 ↗(On Diff #16826)

The line was getting long and I didn't want to wrap it.

1527–1528 ↗(On Diff #16826)

This shouldn't be possible because of the checking on lines 1485-1489. If someone manages to trip this, I want us to get a bug report.

Revision Contents
Changeset List

PathSize
usr.sbin/
acpi/
acpidump/
61 lines

Diff 16317

View Options

usr.sbin/acpi/acpidump/acpi.c

Loading...