Page MenuHomeFreeBSD

mdmfs: Fix many bugs in automatic md(4) creation.
ClosedPublic

Authored by brooks on Feb 8 2019, 6:13 PM.
Tags
None
Referenced Files
Unknown Object (File)
Oct 3 2024, 7:12 PM
Unknown Object (File)
Oct 1 2024, 4:36 PM
Unknown Object (File)
Oct 1 2024, 4:03 PM
Unknown Object (File)
Sep 27 2024, 7:40 PM
Unknown Object (File)
Sep 25 2024, 6:41 AM
Unknown Object (File)
Sep 21 2024, 8:33 AM
Unknown Object (File)
Sep 21 2024, 12:55 AM
Unknown Object (File)
Sep 19 2024, 6:29 AM
Subscribers

Details

Summary

This code allocated a correctly sized buffer, read past the end of the
source buffer, writing off the end of the target buffer, and then writing
a '\0' terminator past the end of the target buffer (in the wrong place).
It then leaked the buffer.

Switch to a statically sized buffer on the stack and update the source pointer and
length before use so the correct things are copied.

Fix a logic error in the checks that the format of the line is as
expected and move on out of an assert.

Remove an unneeded close(). fclose() closes the descriptor.

Found with: CheriABI
Obtained from: CheriBSD

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 22403
Build 21566: arc lint + arc unit

Event Timeline

sbin/mdmfs/mdmfs.c
484–489

What if the line is just "md\n", i.e., there's no unit number? I think the second clause won't catch that case because linelen includes the newline character. That is, it looks like that should be linelen <= mdnamelen + 1.

  • Make sure there's at least space for one digit of a unit number.

It's probably fine, but I wonder if it wouldn't be more readable to just use getline() instead. I think you'd end up with something like:

char *linebuf;
size_t linecap;
...
sfd = fdopen(...);
linebuf = NULL;
linecap = 0;
if (getline(&linebuf, &linecap, sfd) < mdnamelen ||
    strncmp(linebuf, mdname, mdnamelen) != 0)
        errx(1, "unexpected output from mdconfig (attach)");
ul = strtoul(linebuf + mdnamelen, &p, 10);
...
fclose(sfd);
free(linebuf);
sbin/mdmfs/mdmfs.c
490

This assertion is now pointless.

500

This close() is wrong, but harmless. fdopen() "takes" the fd and so fclose() already closes it.

The buffer is not statically allocated, it is statically sized (in the revision summary).

brooks edited the summary of this revision. (Show Details)
  • Remove obsolete and always true assert.
  • Remove pointless close(). fclose() closes the descriptor.
This revision is now accepted and ready to land.Feb 11 2019, 8:14 PM
This revision was automatically updated to reflect the committed changes.