From owner-freebsd-commit Tue Nov 14 20:36:35 1995 Return-Path: owner-commit Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id UAA09118 for freebsd-commit-outgoing; Tue, 14 Nov 1995 20:36:35 -0800 Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id UAA09101 for cvs-all-outgoing; Tue, 14 Nov 1995 20:36:27 -0800 Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id UAA09087 for cvs-sys-outgoing; Tue, 14 Nov 1995 20:36:24 -0800 Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id UAA09073 ; Tue, 14 Nov 1995 20:36:14 -0800 Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id PAA17458; Wed, 15 Nov 1995 15:29:43 +1100 Date: Wed, 15 Nov 1995 15:29:43 +1100 From: Bruce Evans Message-Id: <199511150429.PAA17458@godzilla.zeta.org.au> To: peter@jhome.dialix.com, phk@critter.tfs.com Subject: Re: cvs commit: src/sys/kern kern_sysctl.c Cc: CVS-commiters@freefall.freebsd.org, cvs-sys@freefall.freebsd.org, phk@freefall.freebsd.org Sender: owner-commit@FreeBSD.ORG Precedence: bulk I noticed a whole class of (old) sysctl bugs. Consider e.g., setdomainname(). The string is copied in directly over the old string. If the copyin() faults, the old string is trashed. sysctl() returns EFAULT but the caller has no way of knowing if the old value is trashed. To avoid this, all copyin()s should go to temporary storage. The bad malloc() method worked better here :-). >The interface is badly designed, how about this one: > get some variable > old buffer too small, > new buffer correct. >it should return ENOMEM because it cannot copyout, but should the >new value be installed ? mpp and I fixed sysctl_string() to copyout as much as fits. 4.4lite2 is still broken here (it returns immediately). We decided to install the new value in the ENOMEM case. This is probably wrong. Bruce