Date:      Fri, 30 Apr 2010 03:15:00 +0000 (UTC)
From:      Alfred Perlstein <alfred@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r207418 - head/sys/kern
Message-ID:  <201004300315.o3U3F049041614@svn.freebsd.org>

Author: alfred
Date: Fri Apr 30 03:15:00 2010
New Revision: 207418
URL: http://svn.freebsd.org/changeset/base/207418

Log:
  Avoid allocating MAXHOSTNAMELEN bytes on the stack in expand_name(),
  use the heap instead.
  
  Obtained from: Juniper Networks
  
  Reviewed by:	jhb

Modified:
  head/sys/kern/kern_sig.c

Modified: head/sys/kern/kern_sig.c
==============================================================================
--- head/sys/kern/kern_sig.c	Fri Apr 30 03:14:47 2010	(r207417)
+++ head/sys/kern/kern_sig.c	Fri Apr 30 03:15:00 2010	(r207418)
@@ -3004,8 +3004,9 @@ expand_name(const char *name, uid_t uid,
 	char *temp;
 	size_t i;
 	int indexpos;
-	char hostname[MAXHOSTNAMELEN];
+	char *hostname;
 	
+	hostname = NULL;
 	format = corefilename;
 	temp = malloc(MAXPATHLEN, M_TEMP, M_NOWAIT | M_ZERO);
 	if (temp == NULL)
@@ -3021,8 +3022,21 @@ expand_name(const char *name, uid_t uid,
 				sbuf_putc(&sb, '%');
 				break;
 			case 'H':	/* hostname */
+				if (hostname == NULL) {
+					hostname = malloc(MAXHOSTNAMELEN,
+					    M_TEMP, M_NOWAIT);
+					if (hostname == NULL) {
+						log(LOG_ERR,
+						    "pid %ld (%s), uid (%lu): "
+						    "unable to alloc memory "
+						    "for corefile hostname\n",
+						    (long)pid, name,
+						    (u_long)uid);
+                                                goto nomem;
+                                        }
+                                }
 				getcredhostname(td->td_ucred, hostname,
-				    sizeof(hostname));
+				    MAXHOSTNAMELEN);
 				sbuf_printf(&sb, "%s", hostname);
 				break;
 			case 'I':       /* autoincrementing index */
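Review bot: The hostname buffer in the new `case 'H'` code is allocated with `M_NOWAIT` but without `M_ZERO`, so the following `sbuf_printf(&sb, "%s", hostname)` relies entirely on getcredhostname() writing a NUL-terminated string into it, which is not visible in this hunk. If that call ever wrote a short or empty result without terminating it, uninitialised kernel heap bytes would end up in the core file name. Zeroing the buffer, as the `temp` allocation earlier in the function does, removes that dependency for short writes: `hostname = malloc(MAXHOSTNAMELEN, M_TEMP, M_NOWAIT | M_ZERO);`. Separately, the `goto nomem;` line and the two closing braces after it are indented with spaces while the rest of the block uses tabs.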
@@ -3048,15 +3062,17 @@ expand_name(const char *name, uid_t uid,
 			sbuf_putc(&sb, format[i]);
 		}
 	}
+	free(hostname, M_TEMP);
 #ifdef COMPRESS_USER_CORES
 	if (compress) {
 		sbuf_printf(&sb, GZ_SUFFIX);
 	}
 #endif
 	if (sbuf_overflowed(&sb)) {
-		sbuf_delete(&sb);
 		log(LOG_ERR, "pid %ld (%s), uid (%lu): corename is too "
 		    "long\n", (long)pid, name, (u_long)uid);
+nomem:
+		sbuf_delete(&sb);
 		free(temp, M_TEMP);
 		return (NULL);
 	}
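Review bot: The `nomem:` label is placed inside the body of `if (sbuf_overflowed(&sb))`, so the `goto nomem` in the `%H` case jumps into the middle of a conditional block and bypasses the new `free(hostname, M_TEMP)` above it. That is harmless today only because the single jump happens when `hostname` is still NULL; any later error path that reuses the label after a successful allocation would leak the buffer. At minimum I would document the invariant at the label, for example `/* nomem: entered only with hostname == NULL, so the free() above is not needed */`, and preferably move the shared `sbuf_delete`/`free(temp, M_TEMP)`/`return (NULL)` cleanup out of the `if` body to a label of its own. The rest of expand_name() lies outside this hunk, so where that label can go needs checking against the full function.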


