Date: Fri, 6 Mar 2009 18:20:03 GMT
From: Dylan Cochran <a134qaed@gmail.com>
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/132104: kenv buffer overflow
Message-ID: <200903061820.n26IK38Q014080@freefall.freebsd.org>

The following reply was made to PR kern/132104; it has been noted by GNATS.

From: Dylan Cochran <a134qaed@gmail.com>
To: bug-followup <bug-followup@freebsd.org>
Cc: Jaakko Heinonen <jh@saunalahti.fi>
Subject: Re: kern/132104: kenv buffer overflow
Date: Fri, 6 Mar 2009 13:13:54 -0500

Second patch, after a conversation with rwatson about locking on malloc, I decided to allow a race condition to occur, and bounded it with an incrementing counter. If we lose the race, we loop up to 6 times, then return null. Since the values chosen for the sleep time and count are arbitrary, I added printf's so I could view the frequencies when races were lost. So far it never happens, so I believe that to be sufficient.

Please note I am not a C language expert, nor am I intimately familiar with kernel programming. I appreciate any pointers. :)

[Attachment: kenv.diff (application/octet-stream)]
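
The bounded-retry idea described in the message above, as an added userspace C example that is not part of the original e-mail or the attached patch. Assumptions: a pthread mutex stands in for the kernel lock, `env_set`, `env_get_copy` and `race_window` are hypothetical names, `race_window` is a constructed stand-in for a concurrent writer, and re-checking the length under the lock is this example's own way of detecting a lost race.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TRIES 6  /* bound from the message: loop up to 6 times, then NULL */
static pthread_mutex_t env_lock = PTHREAD_MUTEX_INITIALIZER;
static char *env_value;   /* protected by env_lock */
static int grows_left;    /* constructed: how often the writer below still fires */

/* Replace the stored value under the lock; NULL unsets it. */
void env_set(const char *v)
{
    char *n = v ? malloc(strlen(v) + 1) : NULL;
    if (n) strcpy(n, v);
    pthread_mutex_lock(&env_lock);
    free(env_value);
    env_value = n;
    pthread_mutex_unlock(&env_lock);
}

/* Constructed stand-in for a concurrent writer: grows the value by one byte. */
static void race_window(void)
{
    static char big[64] = "xxxxxxxx";
    if (grows_left > 0 && strlen(big) < sizeof big - 1) {
        grows_left--;
        env_set(strcat(big, "x"));
    }
}

/* Size under the lock, allocate unlocked, then re-check and copy under the lock. */
char *env_get_copy(int *attempts)
{
    char *ret = NULL;
    for (*attempts = 0; ret == NULL && *attempts < MAX_TRIES; ++*attempts) {
        pthread_mutex_lock(&env_lock);
        size_t need = env_value ? strlen(env_value) + 1 : 0;
        pthread_mutex_unlock(&env_lock);
        if (need == 0) break;               /* variable is not set */
        char *buf = malloc(need);           /* may sleep, so no lock held */
        if (buf == NULL) break;
        race_window();                      /* a writer can run here */
        pthread_mutex_lock(&env_lock);
        if (env_value && strlen(env_value) < need) ret = strcpy(buf, env_value);
        pthread_mutex_unlock(&env_lock);
        if (ret == NULL) free(buf);         /* lost the race: retry */
    }
    return ret;  /* NULL: unset, allocation failed, or every race was lost */
}
```

The copy is never made into a buffer that was sized from a stale length, so a value that grows during the unlocked window costs a retry instead of an overflow.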