From owner-freebsd-audit Sun Mar 4 4:55:13 2001 Delivered-To: freebsd-audit@freebsd.org Received: from finch-post-11.mail.demon.net (finch-post-11.mail.demon.net [194.217.242.39]) by hub.freebsd.org (Postfix) with ESMTP id 6E00537B718; Sun, 4 Mar 2001 04:55:10 -0800 (PST) (envelope-from dfr@nlsystems.com) Received: from [62.49.251.130] (helo=herring.nlsystems.com) by finch-post-11.mail.demon.net with esmtp (Exim 2.12 #1) id 14ZY2X-0008Cr-0B; Sun, 4 Mar 2001 12:55:09 +0000 Received: from salmon.nlsystems.com (salmon [10.0.0.3]) by herring.nlsystems.com (8.11.2/8.11.2) with ESMTP id f24Crr707311; Sun, 4 Mar 2001 12:53:53 GMT (envelope-from dfr@nlsystems.com) Date: Sun, 4 Mar 2001 12:53:53 +0000 (GMT) From: Doug Rabson To: Alexander Langer Cc: , , Subject: Re: two new manpages for review: module.9, DECLARE_MODULE.9 In-Reply-To: <20010303165640.A8210@cichlids.cichlids.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, 3 Mar 2001, Alexander Langer wrote: > [followup to audit@freebsd.org, please] > > Hi! > > I have written two new manpages and I'd like to hear some comments > about them (mdoc stuff, technical errors and enhancements, > suggestions[1]). The technical content seems fine. -- Doug Rabson Mail: dfr@nlsystems.com Phone: +44 20 8348 6160 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Mar 4 5: 3:42 2001 Delivered-To: freebsd-audit@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id DC01337B719; Sun, 4 Mar 2001 05:03:37 -0800 (PST) (envelope-from des@ofug.org) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id OAA95429; Sun, 4 Mar 2001 14:03:34 +0100 (CET) (envelope-from des@ofug.org) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Kris Kennaway Cc: audit@FreeBSD.ORG, cracauer@FreeBSD.ORG, bde@FreeBSD.ORG Subject: Re: -Wnon-const-format patches, Pt 1 References: <20010303151334.A33979@mollari.cthul.hu> From: Dag-Erling Smorgrav Date: 04 Mar 2001 14:03:34 +0100 In-Reply-To: Kris Kennaway's message of "Sat, 3 Mar 2001 15:13:34 -0800" Message-ID: Lines: 26 User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Kris Kennaway writes: > These are the patches I have so far for format string warnings with > -Wnon-const-format, covering the bin/ tree. Please review (especially > whether I've got all the __printflike/__printf0like attributes correct > -- the difference being whether the function gracefully handles a NULL > format string, like the err() family, or through explicit checks). How about defining a wrapper macro for __printflike() that's empty except when compiling with GCC? I know there are other issues that prevent us from building our sources with other compilers, but there's no reason to add yet another. Something like this might work (contingent on Bruce's approval of the macros' names): #ifdef __GNUC__ #define PRINTFLIKE(a, b) __printflike((a), (b)) #define PRINTF0LIKE(a, b) __printf0like((a), (b)) #else #define PRINTFLIKE(a, b) #define PRINTF0LIKE(a, b) #endif DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Mar 4 5: 6:59 2001 Delivered-To: freebsd-audit@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-158.dsl.lsan03.pacbell.net [63.207.60.158]) by hub.freebsd.org (Postfix) with ESMTP id E886937B71A; Sun, 4 Mar 2001 05:06:55 -0800 (PST) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 815C366B09; Sun, 4 Mar 2001 05:06:55 -0800 (PST) Date: Sun, 4 Mar 2001 05:06:55 -0800 From: Kris Kennaway To: Dag-Erling Smorgrav Cc: audit@FreeBSD.ORG, bde@FreeBSD.ORG Subject: Re: -Wnon-const-format patches, Pt 1 Message-ID: <20010304050655.A32634@mollari.cthul.hu> References: <20010303151334.A33979@mollari.cthul.hu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="VS++wcV0S1rZb1Fb" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from des@ofug.org on Sun, Mar 04, 2001 at 02:03:34PM +0100 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --VS++wcV0S1rZb1Fb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Mar 04, 2001 at 02:03:34PM +0100, Dag-Erling Smorgrav wrote: > Kris Kennaway writes: > > These are the patches I have so far for format string warnings with > > -Wnon-const-format, covering the bin/ tree. Please review (especially > > whether I've got all the __printflike/__printf0like attributes correct > > -- the difference being whether the function gracefully handles a NULL > > format string, like the err() family, or through explicit checks). >=20 > How about defining a wrapper macro for __printflike() that's empty > except when compiling with GCC? I know there are other issues that > prevent us from building our sources with other compilers, but there's > no reason to add yet another. __printflike/__printf0like is already a macro - see Kris --VS++wcV0S1rZb1Fb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6oj3uWry0BWjoQKURAhbuAJ9BFXmArB7NN9+f4y+akaRYYU1l1gCfXrh0 45su+8TEONE4/IbG5jT2CZQ= =f0om -----END PGP SIGNATURE----- --VS++wcV0S1rZb1Fb-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Sun Mar 4 5: 8:38 2001 Delivered-To: freebsd-audit@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id DCC5B37B719; Sun, 4 Mar 2001 05:08:35 -0800 (PST) (envelope-from des@ofug.org) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id OAA95460; Sun, 4 Mar 2001 14:08:34 +0100 (CET) (envelope-from des@ofug.org) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Kris Kennaway Cc: audit@FreeBSD.ORG, bde@FreeBSD.ORG Subject: Re: -Wnon-const-format patches, Pt 1 References: <20010303151334.A33979@mollari.cthul.hu> <20010304050655.A32634@mollari.cthul.hu> From: Dag-Erling Smorgrav Date: 04 Mar 2001 14:08:33 +0100 In-Reply-To: Kris Kennaway's message of "Sun, 4 Mar 2001 05:06:55 -0800" Message-ID: Lines: 11 User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Kris Kennaway writes: > On Sun, Mar 04, 2001 at 02:03:34PM +0100, Dag-Erling Smorgrav wrote: > > How about defining a wrapper macro for __printflike() that's empty > > except when compiling with GCC? > __printflike/__printf0like is already a macro - see OK, I wasn't aware of that. I have no further objections... DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Mar 5 1:38:46 2001 Delivered-To: freebsd-audit@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 558) id 3BAE837B718; Mon, 5 Mar 2001 01:38:40 -0800 (PST) To: alfred@FreeBSD.ORG, bmilekic@FreeBSD.ORG, freebsd-audit@FreeBSD.ORG Subject: protecting cr_ref and ui_ref in -stable Message-Id: <20010305093840.3BAE837B718@hub.freebsd.org> Date: Mon, 5 Mar 2001 01:38:40 -0800 (PST) From: hsu@FreeBSD.ORG (Jeffrey Hsu) Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Is something like the following needed in -stable? -current protects these structures with a mutex and I've had panics in -stable from bad reference counts. Index: sys/resourcevar.h =================================================================== RCS file: /home/cvs/FreeBSD/src/sys/sys/resourcevar.h,v retrieving revision 1.16.2.1 diff -u -r1.16.2.1 resourcevar.h --- sys/resourcevar.h 2000/09/07 19:13:55 1.16.2.1 +++ sys/resourcevar.h 2001/03/05 09:28:17 @@ -93,7 +93,12 @@ }; #ifdef _KERNEL -#define uihold(uip) (uip)->ui_ref++ +#define uihold(uip) do { \ + int s = splnet(); \ + (uip)->ui_ref++; \ + splx(s); \ +} while(0) + struct proc; void addupc_intr __P((struct proc *p, u_long pc, u_int ticks)); Index: sys/ucred.h =================================================================== RCS file: /home/cvs/FreeBSD/src/sys/sys/ucred.h,v retrieving revision 1.14.2.3 diff -u -r1.14.2.3 ucred.h --- sys/ucred.h 2000/10/28 02:10:30 1.14.2.3 +++ sys/ucred.h 2001/03/05 09:26:27 @@ -55,7 +55,11 @@ #define FSCRED ((struct ucred *)-1) /* filesystem credential */ #ifdef _KERNEL -#define crhold(cr) (cr)->cr_ref++ +#define crhold(cr) do { \ + int s = splnet(); \ + (cr)->cr_ref++; \ + splx(s); \ +} while (0) struct proc; Index: kern/kern_prot.c =================================================================== RCS file: /home/cvs/FreeBSD/src/sys/kern/kern_prot.c,v retrieving revision 1.53.2.6 diff -u -r1.53.2.6 kern_prot.c --- kern/kern_prot.c 2000/12/09 02:44:47 1.53.2.6 +++ kern/kern_prot.c 2001/03/05 09:32:33 @@ -998,6 +998,9 @@ crfree(cr) struct ucred *cr; { + int s; + + s = splnet(); if (--cr->cr_ref == 0) { /* * Some callers of crget(), such as nfs_statfs(), @@ -1008,6 +1011,7 @@ uifree(cr->cr_uidinfo); FREE((caddr_t)cr, M_CRED); } + splx(s); } /* @@ -1018,9 +1022,15 @@ struct ucred *cr; { struct ucred *newcr; + int s; + - if (cr->cr_ref == 1) + s = splnet(); + if (cr->cr_ref == 1) { + splx(s); return (cr); + } + splx(s); newcr = crget(); *newcr = *cr; uihold(newcr->cr_uidinfo); Index: kern/kern_resource.c =================================================================== RCS file: /home/cvs/FreeBSD/src/sys/kern/kern_resource.c,v retrieving revision 1.55.2.4 diff -u -r1.55.2.4 kern_resource.c --- kern/kern_resource.c 2001/03/02 17:12:35 1.55.2.4 +++ kern/kern_resource.c 2001/03/05 09:29:35 @@ -718,11 +718,14 @@ uid_t uid; { struct uidinfo *uip; + int s; uip = uilookup(uid); if (uip == NULL) uip = uicreate(uid); + s = splnet(); uip->ui_ref++; + splx(s); return (uip); } @@ -731,7 +734,11 @@ struct uidinfo *uip; { + int s; + + s = splnet(); if (--uip->ui_ref == 0) { + splx(s); if (uip->ui_sbsize != 0) /* XXX no %qd in kernel. Truncate. */ printf("freeing uidinfo: uid = %d, sbsize = %ld\n", @@ -743,6 +750,7 @@ FREE(uip, M_UIDINFO); return (1); } + splx(s); return (0); } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Mon Mar 5 16:30:30 2001 Delivered-To: freebsd-audit@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 7CFD737B719; Mon, 5 Mar 2001 16:30:24 -0800 (PST) (envelope-from bright@fw.wintelcom.net) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id f260UO414539; Mon, 5 Mar 2001 16:30:24 -0800 (PST) Date: Mon, 5 Mar 2001 16:30:24 -0800 From: Alfred Perlstein To: terry@freebsd.org Cc: audit@freebsd.org Subject: ISO 9660 questions (forw) Re: Could you commit some code for me? Message-ID: <20010305163023.E8663@fw.wintelcom.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i X-all-your-base: are belong to us. Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In re: http://www.FreeBSD.org/cgi/query-pr.cgi?pr=23315 I was wondering if anyone knew if this was an ok patch? I'm worried about accidentally allowing an admin to mount a disc in a way that would/could cause a panic. Terry, you're Mr FS Standards, care to comment? The combo of tech docs and Linux source crawling that I did to find an answer gave me am major headache. ----- Forwarded message from Mark Peek ----- From: Mark Peek To: Alfred Perlstein Subject: Re: Could you commit some code for me? Date: Thu, 22 Feb 2001 17:42:31 -0800 Message-Id: At 4:56 PM -0800 2/22/01, Alfred Perlstein wrote: >I'll commit this, but i need to know what the extra flags actually mean, >meaning I want to make sure that this doesn't allow mounting of discs >that actually have a different layout/FS that might cause a panic for >others. Alfred, Thanks for getting back to me. I don't have access to the ISO specs but I found this source of information on the Joliet format that appears to be a copy of the Microsoft spec: It states: >The UCS-2 Level 1, UCS Level 2, and UCS-2 Level 3 escape sequences are >considered to be registered according ISO 2735 for purposes of setting >bit 0 of the Volume Flags field of the SVD. > >The nominal value of Bit 0 of the Volume Flags field for a Unicode SVD >shall be ZERO. I'm not entirely sure what it means to have these escape sequences "registered". The problem is some Joliet CD's will have the correct escape sequences but they fail to properly clear the volume flags bit zero. The current FreeBSD driver checks this bit and will revert back to level 0 (8.3 filenames) if it is set. This same CD (and others I've seen) provide full filenames on Windows and Linux. Note: by inspection of the source code, the Linux driver does not check this bit field. It really appears to be a nuance to the 9660 and Joliet formats. I'm not too worried about a Rock Ridge disk all of a sudden showing up as a Joliet volume. Also, as I stated in my PR, you can use the -j to mount_cd9660 to turn off all Joliet behavior. Does that help alleviate your concerns? Let me know if you have any other questions or comments. Thanks, Mark --------- Mark Peek Director of Internet Technology IBM Global Small Business/Whistle Communications Work: (650) 577-7052 Email: mark@whistle.com ----- End forwarded message ----- -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Tue Mar 6 6:42: 4 2001 Delivered-To: freebsd-audit@freebsd.org Received: from green.dyndns.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 6B39D37B718; Tue, 6 Mar 2001 06:42:01 -0800 (PST) (envelope-from green@FreeBSD.org) Received: from localhost (jk0826@localhost [127.0.0.1]) by green.dyndns.org (8.11.2/8.11.1) with ESMTP id f26EeNd22299; Tue, 6 Mar 2001 09:40:30 -0500 (EST) (envelope-from green@FreeBSD.org) Message-Id: <200103061440.f26EeNd22299@green.dyndns.org> X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4 To: hsu@FreeBSD.org (Jeffrey Hsu) Cc: alfred@FreeBSD.org, bmilekic@FreeBSD.org, freebsd-audit@FreeBSD.org Subject: Re: protecting cr_ref and ui_ref in -stable In-Reply-To: Message from hsu@FreeBSD.ORG (Jeffrey Hsu) of "Mon, 05 Mar 2001 01:38:40 PST." <20010305093840.3BAE837B718@hub.freebsd.org> From: "Brian F. Feldman" Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 06 Mar 2001 09:40:22 -0500 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG hsu@FreeBSD.ORG (Jeffrey Hsu) wrote: > Is something like the following needed in -stable? -current protects > these structures with a mutex and I've had panics in -stable from bad > reference counts. Absolutely. This should definitely go in 4.3-RELEASE (modulo choosing a different spl). -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Tue Mar 6 18:25:42 2001 Delivered-To: freebsd-audit@freebsd.org Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by hub.freebsd.org (Postfix) with ESMTP id A7E2E37B71A; Tue, 6 Mar 2001 18:25:35 -0800 (PST) (envelope-from brdavis@odin.ac.hmc.edu) Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.11.0/8.11.0) id f272PWN14575; Tue, 6 Mar 2001 18:25:32 -0800 Date: Tue, 6 Mar 2001 18:25:32 -0800 From: Brooks Davis To: audit@freebsd.org, doc@freebsd.org Subject: review request: ifconfig support for wireless card Message-ID: <20010306182532.A14442@Odin.AC.HMC.Edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="EeQfGwPcQSOJBaQU" Content-Disposition: inline User-Agent: Mutt/1.2i Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --EeQfGwPcQSOJBaQU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline [Cross-posted message, please trim you're replies as appropriate.] I'd like to request review of a PR I just submitted as: conf/25577: [PATCH] ifconfig support for wireless network cards http://www.FreeBSD.org/cgi/query-pr.cgi?pr=3D25577 WARNING: Use the patch at the URL below rather then the one in the PR. As I was typing this message I realized I'd missed a critical suser() check in the an driver. http://www.one-eyed-alien.net/~brooks/FreeBSD/ifconfig.diff I'm also looking for a commiter to work with me to get this committed. This patch provides ifconfig support for wireless network rendering wicontrol and ancontrol unnecessary 99% of the time. By way of example, my /etc/start_if.an0 went from: ancontrol -i an0 -o 1 ancontrol -i an0 -n SSID ancontrol -i an0 -K 1 ancontrol -i an0 -W 1 to: ifconfig an0 ssid SSID wepmode on Support is included for wi and an cards since those are the ones I have and the most modern ones as well. Partial support for awi is also included, but is not ready for commit. These patches are against -current. I'll have tested stable patches in a couple of days once I get an extra laptop shipped from the office. -audit: There should be no issues in ifconfig since it runs unprivileged, but there might be issues in the driver code since I did have to use suser there. In fact, I noticed as I was typing this that I'd screwed it up in the an driver. -doc: This patch contains a patch to the ifconfig man page documenting the new commands. It also contains a new ieee80211.4 man page documenting the new ioctl interface I have added. These are my first significant attempts at man page modification/writing so there are bound to be issues. Let me know what you think. -- Brooks -- Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --EeQfGwPcQSOJBaQU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6pZwbXY6L6fI4GtQRAs7pAJoDWt8lb3xzcW7479nXCnBZfhBcIQCeOyxG HZMcLSmTRbvfglFpN+X6enk= =Wcx3 -----END PGP SIGNATURE----- --EeQfGwPcQSOJBaQU-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Wed Mar 7 7:56: 1 2001 Delivered-To: freebsd-audit@freebsd.org Received: from mx.nsu.ru (mx.nsu.ru [193.124.215.71]) by hub.freebsd.org (Postfix) with ESMTP id 64F4737B718 for ; Wed, 7 Mar 2001 07:55:56 -0800 (PST) (envelope-from fjoe@iclub.nsu.ru) Received: from iclub.nsu.ru (root@iclub.nsu.ru [193.124.222.66]) by mx.nsu.ru (8.9.1/8.9.0) with ESMTP id VAA15337 for ; Wed, 7 Mar 2001 21:54:28 +0600 (NOVT) Received: from localhost (fjoe@localhost) by iclub.nsu.ru (8.11.2/8.11.2) with ESMTP id f27FsQH43541 for ; Wed, 7 Mar 2001 21:54:27 +0600 (NS) (envelope-from fjoe@iclub.nsu.ru) Date: Wed, 7 Mar 2001 21:54:26 +0600 (NS) From: Max Khon To: freebsd-audit@freebsd.org Subject: MAXHOSTNAMELEN Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG hi, there! should one allocate buffer of size MAXHOSTNAMELEN or MAXHOSTNAMELEN+1 bytes when using gethostname? lark:/usr/include$grep -Ir MAXHOSTNAMELEN . ./nfs/nfsdiskless.h: char my_hostnam[MAXHOSTNAMELEN]; /* Client host name */ ./nfs/nfsdiskless.h: char my_hostnam[MAXHOSTNAMELEN]; /* Client host name */ ./protocols/timed.h: char tsp_name[MAXHOSTNAMELEN]; ./sys/kernel.h:extern char hostname[MAXHOSTNAMELEN]; ./sys/kernel.h:extern char domainname[MAXHOSTNAMELEN]; ./sys/param.h:#define MAXHOSTNAMELEN 256 /* max hostname size */ ./sys/jail.h: char pr_host[MAXHOSTNAMELEN]; ./fetch.h: char host[MAXHOSTNAMELEN+1]; lark:/usr/include$ /fjoe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Wed Mar 7 8:26:54 2001 Delivered-To: freebsd-audit@freebsd.org Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by hub.freebsd.org (Postfix) with ESMTP id B8E9037B718; Wed, 7 Mar 2001 08:26:41 -0800 (PST) (envelope-from ru@whale.sunbay.crimea.ua) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.11.2/8.11.2) id f27GOrS95934; Wed, 7 Mar 2001 18:24:53 +0200 (EET) (envelope-from ru) Date: Wed, 7 Mar 2001 18:24:53 +0200 From: Ruslan Ermilov To: Max Khon Cc: freebsd-audit@FreeBSD.ORG, Garrett Wollman Subject: Re: MAXHOSTNAMELEN Message-ID: <20010307182453.D36537@sunbay.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from fjoe@iclub.nsu.ru on Wed, Mar 07, 2001 at 09:54:26PM +0600 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed, Mar 07, 2001 at 09:54:26PM +0600, Max Khon wrote: > hi, there! > > should one allocate buffer of size MAXHOSTNAMELEN or MAXHOSTNAMELEN+1 > bytes when using gethostname? > > lark:/usr/include$grep -Ir MAXHOSTNAMELEN . > ./nfs/nfsdiskless.h: char my_hostnam[MAXHOSTNAMELEN]; /* > Client host name */ > ./nfs/nfsdiskless.h: char my_hostnam[MAXHOSTNAMELEN]; /* > Client host name */ > ./protocols/timed.h: char tsp_name[MAXHOSTNAMELEN]; > ./sys/kernel.h:extern char hostname[MAXHOSTNAMELEN]; > ./sys/kernel.h:extern char domainname[MAXHOSTNAMELEN]; > ./sys/param.h:#define MAXHOSTNAMELEN 256 /* max hostname > size */ > ./sys/jail.h: char pr_host[MAXHOSTNAMELEN]; > ./fetch.h: char host[MAXHOSTNAMELEN+1]; > lark:/usr/include$ > Current POSIX draft says: : NAME : gethostname - get name of current host : SYNOPSIS : #include : int gethostname(char *name, socklen_t namelen); : DESCRIPTION : The gethostname() function shall return the standard host name : for the current machine. The namelen argument shall specify : the size of the array pointed to by the name argument. The : returned name shall be null-terminated, except that if namelen : is an insufficient length to hold the host name, then the : returned name shall be truncated and it is unspecified whether : the returned name is null-terminated. : Host names are limited to 255 bytes. : RETURN VALUE : Upon successful completion, 0 shall be returned; otherwise, : -1 shall be returned. And given that MAXHOSTNAMELEN is defined as 256, it would appear that passing MAXHOSTNAMELEN would be enough. But we are not currently POSIX-compatible; kern_mib.c defines ``char hostname[MAXHOSTNAMELEN]'' thus allowing host names of up to 256 bytes, so (in FreeBSD), you should pass MAXHOSTNAMELEN+1. This could be fixed by redefining MAXHOSTNAMELEN to 255. Garrett? Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Wed Mar 7 8:33:46 2001 Delivered-To: freebsd-audit@freebsd.org Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by hub.freebsd.org (Postfix) with ESMTP id 1279137B71A; Wed, 7 Mar 2001 08:33:12 -0800 (PST) (envelope-from ru@whale.sunbay.crimea.ua) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.11.2/8.11.2) id f27GVPL04101; Wed, 7 Mar 2001 18:31:25 +0200 (EET) (envelope-from ru) Date: Wed, 7 Mar 2001 18:31:25 +0200 From: Ruslan Ermilov To: Max Khon Cc: freebsd-audit@FreeBSD.ORG, Garrett Wollman Subject: Re: MAXHOSTNAMELEN Message-ID: <20010307183125.A3227@sunbay.com> References: <20010307182453.D36537@sunbay.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010307182453.D36537@sunbay.com>; from ru@FreeBSD.org on Wed, Mar 07, 2001 at 06:24:53PM +0200 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed, Mar 07, 2001 at 06:24:53PM +0200, Ruslan Ermilov wrote: [...] > > And given that MAXHOSTNAMELEN is defined as 256, it would appear that > passing MAXHOSTNAMELEN would be enough. But we are not currently > POSIX-compatible; kern_mib.c defines ``char hostname[MAXHOSTNAMELEN]'' > thus allowing host names of up to 256 bytes, so (in FreeBSD), you > should pass MAXHOSTNAMELEN+1. > > This could be fixed by redefining MAXHOSTNAMELEN to 255. Garrett? > Grr, I meant to say that you should always pass MAXHOSTNAMELEN+1, but the current value of MAXHOSTNAMELEN is not POSIX-compatible. Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Wed Mar 7 10:12: 1 2001 Delivered-To: freebsd-audit@freebsd.org Received: from mx.nsu.ru (mx.nsu.ru [193.124.215.71]) by hub.freebsd.org (Postfix) with ESMTP id CAB0A37B719; Wed, 7 Mar 2001 10:11:50 -0800 (PST) (envelope-from fjoe@iclub.nsu.ru) Received: from iclub.nsu.ru (root@iclub.nsu.ru [193.124.222.66]) by mx.nsu.ru (8.9.1/8.9.0) with ESMTP id AAA16275; Thu, 8 Mar 2001 00:09:09 +0600 (NOVT) Received: from localhost (fjoe@localhost) by iclub.nsu.ru (8.11.2/8.11.2) with ESMTP id f27I97V47594; Thu, 8 Mar 2001 00:09:08 +0600 (NS) (envelope-from fjoe@iclub.nsu.ru) Date: Thu, 8 Mar 2001 00:09:06 +0600 (NS) From: Max Khon To: Ruslan Ermilov Cc: freebsd-audit@FreeBSD.ORG, Garrett Wollman Subject: Re: MAXHOSTNAMELEN In-Reply-To: <20010307183125.A3227@sunbay.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG hi, there! On Wed, 7 Mar 2001, Ruslan Ermilov wrote: > > And given that MAXHOSTNAMELEN is defined as 256, it would appear that > > passing MAXHOSTNAMELEN would be enough. But we are not currently > > POSIX-compatible; kern_mib.c defines ``char hostname[MAXHOSTNAMELEN]'' > > thus allowing host names of up to 256 bytes, so (in FreeBSD), you > > should pass MAXHOSTNAMELEN+1. > > > > This could be fixed by redefining MAXHOSTNAMELEN to 255. Garrett? > > > Grr, I meant to say that you should always pass MAXHOSTNAMELEN+1, but > the current value of MAXHOSTNAMELEN is not POSIX-compatible. so in a lot of places buffers that supposed to hold hostname are not allocated properly (see output of grep in my original message) /fjoe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Wed Mar 7 10:42:54 2001 Delivered-To: freebsd-audit@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 7B3C337B71A; Wed, 7 Mar 2001 10:42:52 -0800 (PST) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id NAA80421; Wed, 7 Mar 2001 13:42:49 -0500 (EST) (envelope-from wollman) Date: Wed, 7 Mar 2001 13:42:49 -0500 (EST) From: Garrett Wollman Message-Id: <200103071842.NAA80421@khavrinen.lcs.mit.edu> To: Ruslan Ermilov Cc: Max Khon , freebsd-audit@FreeBSD.ORG Subject: Re: MAXHOSTNAMELEN In-Reply-To: <20010307182453.D36537@sunbay.com> References: <20010307182453.D36537@sunbay.com> Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG < said: > This could be fixed by redefining MAXHOSTNAMELEN to 255. Garrett? Please wait until I get a resolution of my aardvark on this topic. I have proposed introduction of a new system parameter {HOST_NAME_MAX} which is explicit about the terminating NUL. -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Wed Mar 7 12:53: 8 2001 Delivered-To: freebsd-audit@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.100.7]) by hub.freebsd.org (Postfix) with ESMTP id 698B337B719; Wed, 7 Mar 2001 12:53:05 -0800 (PST) (envelope-from drosih@rpi.edu) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id PAA83864; Wed, 7 Mar 2001 15:53:03 -0500 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <200103071842.NAA80421@khavrinen.lcs.mit.edu> References: <20010307182453.D36537@sunbay.com> <200103071842.NAA80421@khavrinen.lcs.mit.edu> Date: Wed, 7 Mar 2001 15:53:02 -0500 To: Garrett Wollman , Ruslan Ermilov From: Garance A Drosihn Subject: Re: MAXHOSTNAMELEN Cc: Max Khon , freebsd-audit@FreeBSD.ORG Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG At 1:42 PM -0500 3/7/01, Garrett Wollman wrote: >< said: > >> This could be fixed by redefining MAXHOSTNAMELEN to 255. Garrett? > >Please wait until I get a resolution of my aardvark on this topic. I >have proposed introduction of a new system parameter {HOST_NAME_MAX} >which is explicit about the terminating NUL. Perhaps the name should be explicit too... HOSTNAME_PLUS_NULL_MAX :-) (it's a joke. calm down everyone...) -- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 9 13:23: 7 2001 Delivered-To: freebsd-audit@freebsd.org Received: from Awfulhak.org (awfulhak.demon.co.uk [194.222.196.252]) by hub.freebsd.org (Postfix) with ESMTP id 52D2C37B71A; Fri, 9 Mar 2001 13:22:54 -0800 (PST) (envelope-from brian@Awfulhak.org) Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [172.16.0.12]) by Awfulhak.org (8.11.2/8.11.2) with ESMTP id f29LOaC88745; Fri, 9 Mar 2001 21:24:36 GMT (envelope-from brian@lan.Awfulhak.org) Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.11.3/8.11.3) with ESMTP id f29LPlu04957; Fri, 9 Mar 2001 21:25:47 GMT (envelope-from brian@hak.lan.Awfulhak.org) Message-Id: <200103092125.f29LPlu04957@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4 To: freebsd-audit@FreeBSD.org Cc: Brian Somers , eivind@FreeBSD.org Subject: libutil/MAXHOSTNAMELEN changes - plus a buffer overrun fix Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 09 Mar 2001 21:25:47 +0000 From: Brian Somers Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Would someone mind looking at this patch ? It fixes the use of MAXHOSTNAMELEN, but also avoids wandering off the end of a possibly-not-terminated passed-in buffer with strlen(). Eivind has some patches in the pipeline here to return errors rather than truncating host names, so it was his work that found the actual overrun.... I figured I'd commit this and possibly ask for an MFC RSN so that we get this fixed for the -stable release. Ta. -- Brian Don't _EVER_ lose your sense of humour ! Index: realhostname.c =================================================================== RCS file: /home/ncvs/src/lib/libutil/realhostname.c,v retrieving revision 1.10 diff -u -r1.10 realhostname.c --- realhostname.c 2001/01/28 21:51:25 1.10 +++ realhostname.c 2001/03/09 21:12:01 @@ -52,7 +52,7 @@ int realhostname(char *host, size_t hsize, const struct in_addr *ip) { - char trimmed[MAXHOSTNAMELEN+1]; + char trimmed[MAXHOSTNAMELEN]; int result; struct hostent *hp; @@ -136,15 +136,15 @@ freeaddrinfo(ores); goto numeric; } - strncpy(buf, ores->ai_canonname, + strlcpy(buf, ores->ai_canonname, sizeof(buf)); trimdomain(buf, hsize); - strncpy(host, buf, hsize); - if (strlen(host) > hsize && + if (strlen(buf) > hsize && addr->sa_family == AF_INET) { freeaddrinfo(ores); goto numeric; } + strncpy(host, buf, hsize); break; } ((struct sockinet *)addr)->si_port = port; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 9 13:23:11 2001 Delivered-To: freebsd-audit@freebsd.org Received: from Awfulhak.org (awfulhak.demon.co.uk [194.222.196.252]) by hub.freebsd.org (Postfix) with ESMTP id 0CB0037B71B for ; Fri, 9 Mar 2001 13:22:56 -0800 (PST) (envelope-from brian@Awfulhak.org) Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [172.16.0.12]) by Awfulhak.org (8.11.2/8.11.2) with ESMTP id f29LOXC88741 for ; Fri, 9 Mar 2001 21:24:33 GMT (envelope-from brian@lan.Awfulhak.org) Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.11.3/8.11.3) with ESMTP id f29LPju04945; Fri, 9 Mar 2001 21:25:45 GMT (envelope-from brian@hak.lan.Awfulhak.org) Message-Id: <200103092125.f29LPju04945@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4 To: freebsd-audit@FreeBSD.org Cc: Brian Somers Subject: netstat/MAXHOSTNAMELEN fixes Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 09 Mar 2001 21:25:45 +0000 From: Brian Somers Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Would someone mind casting an eye over the attached patch ? It fixes uses of MAXHOSTNAMELEN and uses trimdomain() from libutil rather than rolling our own. Ta. -- Brian Don't _EVER_ lose your sense of humour ! Index: Makefile =================================================================== RCS file: /home/ncvs/src/usr.bin/netstat/Makefile,v retrieving revision 1.15 diff -u -r1.15 Makefile --- Makefile 2000/07/04 16:26:46 1.15 +++ Makefile 2001/03/09 20:54:45 @@ -11,8 +11,8 @@ #.PATH: ${.CURDIR}/../../sys/netiso BINGRP= kmem BINMODE=2555 -DPADD= ${LIBKVM} ${LIBIPX} ${LIBNETGRAPH} -LDADD= -lkvm -lipx -lnetgraph +DPADD= ${LIBKVM} ${LIBIPX} ${LIBNETGRAPH} ${LIBUTIL} +LDADD= -lkvm -lipx -lnetgraph -lutil CFLAGS+=-DINET6 -DIPSEC .include Index: inet.c =================================================================== RCS file: /home/ncvs/src/usr.bin/netstat/inet.c,v retrieving revision 1.38 diff -u -r1.38 inet.c --- inet.c 2000/07/04 16:26:46 1.38 +++ inet.c 2001/03/09 20:56:51 @@ -72,6 +72,7 @@ #include #include #include +#include #include #include #include @@ -715,7 +716,7 @@ struct in_addr *inp; { register char *cp; - static char line[MAXHOSTNAMELEN + 1]; + static char line[MAXHOSTNAMELEN]; struct hostent *hp; struct netent *np; @@ -733,7 +734,7 @@ hp = gethostbyaddr((char *)inp, sizeof (*inp), AF_INET); if (hp) { cp = hp->h_name; - trimdomain(cp); + trimdomain(cp, strlen(cp)); } } } Index: inet6.c =================================================================== RCS file: /home/ncvs/src/usr.bin/netstat/inet6.c,v retrieving revision 1.6 diff -u -r1.6 inet6.c --- inet6.c 2000/08/07 16:39:33 1.6 +++ inet6.c 2001/03/09 20:45:50 @@ -1015,7 +1015,7 @@ register char *cp; static char line[50]; struct hostent *hp; - static char domain[MAXHOSTNAMELEN + 1]; + static char domain[MAXHOSTNAMELEN]; static int first = 1; if (first && !nflag) { Index: main.c =================================================================== RCS file: /home/ncvs/src/usr.bin/netstat/main.c,v retrieving revision 1.37 diff -u -r1.37 main.c --- main.c 2000/08/03 14:53:41 1.37 +++ main.c 2001/03/09 20:56:51 @@ -702,33 +702,3 @@ " netstat [-M core] [-N system] [-p protocol]"); exit(1); } - -void -trimdomain(cp) - char *cp; -{ - static char domain[MAXHOSTNAMELEN + 1]; - static int first = 1; - char *s; - - if (first) { - first = 0; - if (gethostname(domain, MAXHOSTNAMELEN) == 0 && - (s = strchr(domain, '.'))) - (void) strcpy(domain, s + 1); - else - domain[0] = 0; - } - - if (domain[0]) { - while ((cp = strchr(cp, '.'))) { - if (!strcasecmp(cp + 1, domain)) { - *cp = 0; /* hit it */ - break; - } else { - cp++; - } - } - } -} - Index: netstat.h =================================================================== RCS file: /home/ncvs/src/usr.bin/netstat/netstat.h,v retrieving revision 1.18 diff -u -r1.18 netstat.h --- netstat.h 2000/07/05 02:02:54 1.18 +++ netstat.h 2001/03/09 20:55:10 @@ -61,7 +61,6 @@ int kread __P((u_long addr, char *buf, int size)); char *plural __P((int)); char *plurales __P((int)); -void trimdomain __P((char *)); void protopr __P((u_long, char *, int)); void tcp_stats __P((u_long, char *)); Index: route.c =================================================================== RCS file: /home/ncvs/src/usr.bin/netstat/route.c,v retrieving revision 1.45 diff -u -r1.45 route.c --- route.c 2000/09/18 11:14:40 1.45 +++ route.c 2001/03/09 20:56:51 @@ -62,6 +62,7 @@ #include #include +#include #include #include #include @@ -637,7 +638,7 @@ u_long in; { register char *cp; - static char line[MAXHOSTNAMELEN + 1]; + static char line[MAXHOSTNAMELEN]; struct hostent *hp; cp = 0; @@ -646,7 +647,7 @@ AF_INET); if (hp) { cp = hp->h_name; - trimdomain(cp); + trimdomain(cp, strlen(cp)); } } if (cp) { @@ -715,7 +716,7 @@ u_long in, mask; { char *cp = 0; - static char line[MAXHOSTNAMELEN + 1]; + static char line[MAXHOSTNAMELEN]; struct netent *np = 0; u_long net, omask, dmask; register u_long i; @@ -729,7 +730,7 @@ np = getnetbyaddr(net, AF_INET); if (np) { cp = np->n_name; - trimdomain(cp); + trimdomain(cp, strlen(cp)); } } if (cp) @@ -753,7 +754,7 @@ struct sockaddr_in6 *sa6; struct in6_addr *mask; { - static char line[MAXHOSTNAMELEN + 1]; + static char line[MAXHOSTNAMELEN]; u_char *p = (u_char *)mask; u_char *lim; int masklen, illegal = 0, flag = NI_WITHSCOPEID; @@ -816,7 +817,7 @@ routename6(sa6) struct sockaddr_in6 *sa6; { - static char line[MAXHOSTNAMELEN + 1]; + static char line[MAXHOSTNAMELEN]; int flag = NI_WITHSCOPEID; /* use local variable for safety */ struct sockaddr_in6 sa6_local = {AF_INET6, sizeof(sa6_local),}; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 9 13:38:52 2001 Delivered-To: freebsd-audit@freebsd.org Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id C35B137B721; Fri, 9 Mar 2001 13:38:41 -0800 (PST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.11.1/8.11.1) with ESMTP id f29Lc8I10799; Fri, 9 Mar 2001 14:38:11 -0700 (MST) (envelope-from imp@harmony.village.org) Message-Id: <200103092138.f29Lc8I10799@harmony.village.org> To: Brian Somers Subject: Re: libutil/MAXHOSTNAMELEN changes - plus a buffer overrun fix Cc: freebsd-audit@FreeBSD.ORG, eivind@FreeBSD.ORG In-reply-to: Your message of "Fri, 09 Mar 2001 21:25:47 GMT." <200103092125.f29LPlu04957@hak.lan.Awfulhak.org> References: <200103092125.f29LPlu04957@hak.lan.Awfulhak.org> Date: Fri, 09 Mar 2001 14:38:08 -0700 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <200103092125.f29LPlu04957@hak.lan.Awfulhak.org> Brian Somers writes: : Eivind has some patches in the pipeline here to return errors rather : than truncating host names, so it was his work that found the actual : overrun.... I figured I'd commit this and possibly ask for an MFC : RSN so that we get this fixed for the -stable release. : : Ta. : -- : Brian : : Don't _EVER_ lose your sense of humour ! : : Index: realhostname.c : =================================================================== : RCS file: /home/ncvs/src/lib/libutil/realhostname.c,v : retrieving revision 1.10 : diff -u -r1.10 realhostname.c : --- realhostname.c 2001/01/28 21:51:25 1.10 : +++ realhostname.c 2001/03/09 21:12:01 : @@ -52,7 +52,7 @@ : int : realhostname(char *host, size_t hsize, const struct in_addr *ip) : { : - char trimmed[MAXHOSTNAMELEN+1]; : + char trimmed[MAXHOSTNAMELEN]; : int result; : struct hostent *hp; : : @@ -136,15 +136,15 @@ : freeaddrinfo(ores); : goto numeric; : } : - strncpy(buf, ores->ai_canonname, : + strlcpy(buf, ores->ai_canonname, : sizeof(buf)); : trimdomain(buf, hsize); : - strncpy(host, buf, hsize); : - if (strlen(host) > hsize && : + if (strlen(buf) > hsize && : addr->sa_family == AF_INET) { : freeaddrinfo(ores); : goto numeric; : } : + strncpy(host, buf, hsize); Should likely use strlcpy. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 9 13:45:54 2001 Delivered-To: freebsd-audit@freebsd.org Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id D10EE37B719; Fri, 9 Mar 2001 13:45:52 -0800 (PST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.11.1/8.11.1) with ESMTP id f29LjiI10850; Fri, 9 Mar 2001 14:45:44 -0700 (MST) (envelope-from imp@harmony.village.org) Message-Id: <200103092145.f29LjiI10850@harmony.village.org> Subject: Re: libutil/MAXHOSTNAMELEN changes - plus a buffer overrun fix Cc: Brian Somers , freebsd-audit@FreeBSD.ORG, eivind@FreeBSD.ORG In-reply-to: Your message of "Fri, 09 Mar 2001 14:38:08 MST." <200103092138.f29Lc8I10799@harmony.village.org> References: <200103092138.f29Lc8I10799@harmony.village.org> <200103092125.f29LPlu04957@hak.lan.Awfulhak.org> Date: Fri, 09 Mar 2001 14:45:44 -0700 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <200103092138.f29Lc8I10799@harmony.village.org> Warner Losh writes: : : Eivind has some patches in the pipeline here to return errors rather : : than truncating host names, so it was his work that found the actual : : overrun.... I figured I'd commit this and possibly ask for an MFC : : RSN so that we get this fixed for the -stable release. On second thought, I don't think we want to rush these into -stable. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 9 14: 1:53 2001 Delivered-To: freebsd-audit@freebsd.org Received: from Awfulhak.org (awfulhak.demon.co.uk [194.222.196.252]) by hub.freebsd.org (Postfix) with ESMTP id 85CE337B718; Fri, 9 Mar 2001 14:01:49 -0800 (PST) (envelope-from brian@Awfulhak.org) Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [172.16.0.12]) by Awfulhak.org (8.11.2/8.11.2) with ESMTP id f29M3LC88919; Fri, 9 Mar 2001 22:03:21 GMT (envelope-from brian@lan.Awfulhak.org) Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.11.3/8.11.3) with ESMTP id f29M4Wu05447; Fri, 9 Mar 2001 22:04:32 GMT (envelope-from brian@hak.lan.Awfulhak.org) Message-Id: <200103092204.f29M4Wu05447@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4 To: Warner Losh Cc: Brian Somers , freebsd-audit@FreeBSD.ORG, eivind@FreeBSD.ORG, brian@Awfulhak.org Subject: Re: libutil/MAXHOSTNAMELEN changes - plus a buffer overrun fix In-Reply-To: Message from Warner Losh of "Fri, 09 Mar 2001 14:38:08 MST." <200103092138.f29Lc8I10799@harmony.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 09 Mar 2001 22:04:32 +0000 From: Brian Somers Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > In message <200103092125.f29LPlu04957@hak.lan.Awfulhak.org> Brian Somers writes: > : Eivind has some patches in the pipeline here to return errors rather > : than truncating host names, so it was his work that found the actual > : overrun.... I figured I'd commit this and possibly ask for an MFC > : RSN so that we get this fixed for the -stable release. > : > : Ta. > : -- > : Brian > : > : Don't _EVER_ lose your sense of humour ! > : > : Index: realhostname.c > : =================================================================== > : RCS file: /home/ncvs/src/lib/libutil/realhostname.c,v > : retrieving revision 1.10 > : diff -u -r1.10 realhostname.c > : --- realhostname.c 2001/01/28 21:51:25 1.10 > : +++ realhostname.c 2001/03/09 21:12:01 > : @@ -52,7 +52,7 @@ > : int > : realhostname(char *host, size_t hsize, const struct in_addr *ip) > : { > : - char trimmed[MAXHOSTNAMELEN+1]; > : + char trimmed[MAXHOSTNAMELEN]; > : int result; > : struct hostent *hp; > : > : @@ -136,15 +136,15 @@ > : freeaddrinfo(ores); > : goto numeric; > : } > : - strncpy(buf, ores->ai_canonname, > : + strlcpy(buf, ores->ai_canonname, > : sizeof(buf)); > : trimdomain(buf, hsize); > : - strncpy(host, buf, hsize); > : - if (strlen(host) > hsize && > : + if (strlen(buf) > hsize && > : addr->sa_family == AF_INET) { > : freeaddrinfo(ores); > : goto numeric; > : } > : + strncpy(host, buf, hsize); > > Should likely use strlcpy. The returned string (host) is not meant to be terminated if the host fits exactly - eg, realhostname(ut.ut_host, UT_HOSTSIZE, ...). > Warner -- Brian Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 9 14: 3:39 2001 Delivered-To: freebsd-audit@freebsd.org Received: from Awfulhak.org (awfulhak.demon.co.uk [194.222.196.252]) by hub.freebsd.org (Postfix) with ESMTP id 6323B37B718; Fri, 9 Mar 2001 14:03:28 -0800 (PST) (envelope-from brian@Awfulhak.org) Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [172.16.0.12]) by Awfulhak.org (8.11.2/8.11.2) with ESMTP id f29M59C88934; Fri, 9 Mar 2001 22:05:09 GMT (envelope-from brian@lan.Awfulhak.org) Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.11.3/8.11.3) with ESMTP id f29M6Ku05464; Fri, 9 Mar 2001 22:06:20 GMT (envelope-from brian@hak.lan.Awfulhak.org) Message-Id: <200103092206.f29M6Ku05464@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4 To: Warner Losh Cc: Brian Somers , freebsd-audit@FreeBSD.ORG, eivind@FreeBSD.ORG, brian@Awfulhak.org Subject: Re: libutil/MAXHOSTNAMELEN changes - plus a buffer overrun fix In-Reply-To: Message from Warner Losh of "Fri, 09 Mar 2001 14:45:44 MST." <200103092145.f29LjiI10850@harmony.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 09 Mar 2001 22:06:20 +0000 From: Brian Somers Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > In message <200103092138.f29Lc8I10799@harmony.village.org> Warner Losh writes: > : : Eivind has some patches in the pipeline here to return errors rather > : : than truncating host names, so it was his work that found the actual > : : overrun.... I figured I'd commit this and possibly ask for an MFC > : : RSN so that we get this fixed for the -stable release. > > On second thought, I don't think we want to rush these into -stable. I figured a buffer overrun was grounds to ``rush'', but if the concensus is not to, that's ok. After all, it is a *read* overrun that isn't really going to do any harm. > Warner -- Brian Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 9 14:10:25 2001 Delivered-To: freebsd-audit@freebsd.org Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id 918D937B718; Fri, 9 Mar 2001 14:10:21 -0800 (PST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.11.1/8.11.1) with ESMTP id f29MAII10967; Fri, 9 Mar 2001 15:10:18 -0700 (MST) (envelope-from imp@harmony.village.org) Message-Id: <200103092210.f29MAII10967@harmony.village.org> To: Brian Somers Subject: Re: libutil/MAXHOSTNAMELEN changes - plus a buffer overrun fix Cc: freebsd-audit@FreeBSD.ORG, eivind@FreeBSD.ORG In-reply-to: Your message of "Fri, 09 Mar 2001 22:04:32 GMT." <200103092204.f29M4Wu05447@hak.lan.Awfulhak.org> References: <200103092204.f29M4Wu05447@hak.lan.Awfulhak.org> Date: Fri, 09 Mar 2001 15:10:18 -0700 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <200103092204.f29M4Wu05447@hak.lan.Awfulhak.org> Brian Somers writes: : > In message <200103092125.f29LPlu04957@hak.lan.Awfulhak.org> Brian Somers writes: : > : Eivind has some patches in the pipeline here to return errors rather : > : than truncating host names, so it was his work that found the actual : > : overrun.... I figured I'd commit this and possibly ask for an MFC : > : RSN so that we get this fixed for the -stable release. : > : : > : Ta. : > : -- : > : Brian : > : : > : Don't _EVER_ lose your sense of humour ! : > : : > : Index: realhostname.c : > : =================================================================== : > : RCS file: /home/ncvs/src/lib/libutil/realhostname.c,v : > : retrieving revision 1.10 : > : diff -u -r1.10 realhostname.c : > : --- realhostname.c 2001/01/28 21:51:25 1.10 : > : +++ realhostname.c 2001/03/09 21:12:01 : > : @@ -52,7 +52,7 @@ : > : int : > : realhostname(char *host, size_t hsize, const struct in_addr *ip) : > : { : > : - char trimmed[MAXHOSTNAMELEN+1]; : > : + char trimmed[MAXHOSTNAMELEN]; : > : int result; : > : struct hostent *hp; : > : : > : @@ -136,15 +136,15 @@ : > : freeaddrinfo(ores); : > : goto numeric; : > : } : > : - strncpy(buf, ores->ai_canonname, : > : + strlcpy(buf, ores->ai_canonname, : > : sizeof(buf)); : > : trimdomain(buf, hsize); : > : - strncpy(host, buf, hsize); : > : - if (strlen(host) > hsize && : > : + if (strlen(buf) > hsize && : > : addr->sa_family == AF_INET) { : > : freeaddrinfo(ores); : > : goto numeric; : > : } : > : + strncpy(host, buf, hsize); : > : > Should likely use strlcpy. : : The returned string (host) is not meant to be terminated if the host : fits exactly - eg, realhostname(ut.ut_host, UT_HOSTSIZE, ...). Then we should terminate it. That's a lame interface. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 9 14:10:49 2001 Delivered-To: freebsd-audit@freebsd.org Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id F363937B718; Fri, 9 Mar 2001 14:10:46 -0800 (PST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.11.1/8.11.1) with ESMTP id f29MAfI10984; Fri, 9 Mar 2001 15:10:41 -0700 (MST) (envelope-from imp@harmony.village.org) Message-Id: <200103092210.f29MAfI10984@harmony.village.org> To: Brian Somers Subject: Re: libutil/MAXHOSTNAMELEN changes - plus a buffer overrun fix Cc: freebsd-audit@FreeBSD.ORG, eivind@FreeBSD.ORG In-reply-to: Your message of "Fri, 09 Mar 2001 22:06:20 GMT." <200103092206.f29M6Ku05464@hak.lan.Awfulhak.org> References: <200103092206.f29M6Ku05464@hak.lan.Awfulhak.org> Date: Fri, 09 Mar 2001 15:10:41 -0700 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <200103092206.f29M6Ku05464@hak.lan.Awfulhak.org> Brian Somers writes: : > In message <200103092138.f29Lc8I10799@harmony.village.org> Warner Losh writes: : > : : Eivind has some patches in the pipeline here to return errors rather : > : : than truncating host names, so it was his work that found the actual : > : : overrun.... I figured I'd commit this and possibly ask for an MFC : > : : RSN so that we get this fixed for the -stable release. : > : > On second thought, I don't think we want to rush these into -stable. : : I figured a buffer overrun was grounds to ``rush'', but if the : concensus is not to, that's ok. After all, it is a *read* overrun : that isn't really going to do any harm. Generally yes, but in this case the case is unclear. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 9 14:22: 3 2001 Delivered-To: freebsd-audit@freebsd.org Received: from Awfulhak.org (awfulhak.demon.co.uk [194.222.196.252]) by hub.freebsd.org (Postfix) with ESMTP id C6FF437B718; Fri, 9 Mar 2001 14:21:49 -0800 (PST) (envelope-from brian@Awfulhak.org) Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [172.16.0.12]) by Awfulhak.org (8.11.2/8.11.2) with ESMTP id f29MNOC89005; Fri, 9 Mar 2001 22:23:24 GMT (envelope-from brian@lan.Awfulhak.org) Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.11.3/8.11.3) with ESMTP id f29MOZu05704; Fri, 9 Mar 2001 22:24:35 GMT (envelope-from brian@hak.lan.Awfulhak.org) Message-Id: <200103092224.f29MOZu05704@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4 To: Warner Losh Cc: Brian Somers , freebsd-audit@FreeBSD.ORG, eivind@FreeBSD.ORG, brian@Awfulhak.org Subject: Re: libutil/MAXHOSTNAMELEN changes - plus a buffer overrun fix In-Reply-To: Message from Warner Losh of "Fri, 09 Mar 2001 15:10:18 MST." <200103092210.f29MAII10967@harmony.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 09 Mar 2001 22:24:35 +0000 From: Brian Somers Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG [.....] } > : > : + strncpy(host, buf, hsize); > : > > : > Should likely use strlcpy. > : > : The returned string (host) is not meant to be terminated if the host > : fits exactly - eg, realhostname(ut.ut_host, UT_HOSTSIZE, ...). > > Then we should terminate it. That's a lame interface. It's a practical interface. It's also a public interface :*) > Warner -- Brian Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 9 14:27: 6 2001 Delivered-To: freebsd-audit@freebsd.org Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id 04CAC37B71B; Fri, 9 Mar 2001 14:27:03 -0800 (PST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.11.1/8.11.1) with ESMTP id f29MQqI11070; Fri, 9 Mar 2001 15:26:52 -0700 (MST) (envelope-from imp@harmony.village.org) Message-Id: <200103092226.f29MQqI11070@harmony.village.org> To: Brian Somers Subject: Re: libutil/MAXHOSTNAMELEN changes - plus a buffer overrun fix Cc: freebsd-audit@FreeBSD.ORG, eivind@FreeBSD.ORG In-reply-to: Your message of "Fri, 09 Mar 2001 22:24:35 GMT." <200103092224.f29MOZu05704@hak.lan.Awfulhak.org> References: <200103092224.f29MOZu05704@hak.lan.Awfulhak.org> Date: Fri, 09 Mar 2001 15:26:52 -0700 From: Warner Losh Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <200103092224.f29MOZu05704@hak.lan.Awfulhak.org> Brian Somers writes: : [.....] } : > : > : + strncpy(host, buf, hsize); : > : > : > : > Should likely use strlcpy. : > : : > : The returned string (host) is not meant to be terminated if the host : > : fits exactly - eg, realhostname(ut.ut_host, UT_HOSTSIZE, ...). : > : > Then we should terminate it. That's a lame interface. : : It's a practical interface. It's also a public interface :*) Ummm, it is lame in that it doesn't NUL termniate. Is it a standard, or can we change it. If we lose one character for utmp, I don't care. Intefaces like this are inharently lame and should not be encouraged and actively discouraged when possible. That's what I'm doing right now. Actively discouraging it and trying to get it changed. Warmer To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Fri Mar 9 15: 1:35 2001 Delivered-To: freebsd-audit@freebsd.org Received: from Awfulhak.org (awfulhak.demon.co.uk [194.222.196.252]) by hub.freebsd.org (Postfix) with ESMTP id 0086237B71A; Fri, 9 Mar 2001 15:01:29 -0800 (PST) (envelope-from brian@Awfulhak.org) Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [172.16.0.12]) by Awfulhak.org (8.11.2/8.11.2) with ESMTP id f29N3BC89177; Fri, 9 Mar 2001 23:03:11 GMT (envelope-from brian@lan.Awfulhak.org) Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.11.3/8.11.3) with ESMTP id f29N4Lu06233; Fri, 9 Mar 2001 23:04:21 GMT (envelope-from brian@hak.lan.Awfulhak.org) Message-Id: <200103092304.f29N4Lu06233@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4 To: Warner Losh Cc: Brian Somers , freebsd-audit@FreeBSD.ORG, eivind@FreeBSD.ORG, brian@Awfulhak.org Subject: Re: libutil/MAXHOSTNAMELEN changes - plus a buffer overrun fix In-Reply-To: Message from Warner Losh of "Fri, 09 Mar 2001 15:26:52 MST." <200103092226.f29MQqI11070@harmony.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 09 Mar 2001 23:04:21 +0000 From: Brian Somers Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > In message <200103092224.f29MOZu05704@hak.lan.Awfulhak.org> Brian Somers writes: > : [.....] } > : > : > : + strncpy(host, buf, hsize); > : > : > > : > : > Should likely use strlcpy. > : > : > : > : The returned string (host) is not meant to be terminated if the host > : > : fits exactly - eg, realhostname(ut.ut_host, UT_HOSTSIZE, ...). > : > > : > Then we should terminate it. That's a lame interface. > : > : It's a practical interface. It's also a public interface :*) > > Ummm, it is lame in that it doesn't NUL termniate. Is it a standard, > or can we change it. If we lose one character for utmp, I don't > care. Intefaces like this are inharently lame and should not be > encouraged and actively discouraged when possible. That's what I'm > doing right now. Actively discouraging it and trying to get it changed. If this is asked in a public forum, it'll start a thread about making the format of utmp sane. I believe this is a good idea - all we need to do is find someone willing to do it :-) WRT changing what realhostname() does... we would also need to change trimdomain() (similar semantics WRT not being NUL terminated if the result is the exact size of the buffer). They both arrived at the same time (I invented them so that /usr/libexec/* could be consistent in the way it did the reverse/forward lookups on IPs and in the way it made utmp entries), but they're both documented so may be used by the outside world.... What we *really* need is proper library versioning - something I'm getting more and more tempted to implement ! Then we could just change things :-) Anyway, I think the answer is that we should fix what's there now, and think about making what's there more sane later. > Warmer Heh :-) -- Brian Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message