From owner-svn-src-head@freebsd.org Mon May 18 15:39:01 2020 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BB2132CDF29; Mon, 18 May 2020 15:39:01 +0000 (UTC) (envelope-from cse.cem@gmail.com) Received: from mail-ot1-f52.google.com (mail-ot1-f52.google.com [209.85.210.52]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49Qjq93YY8z3fdZ; Mon, 18 May 2020 15:39:01 +0000 (UTC) (envelope-from cse.cem@gmail.com) Received: by mail-ot1-f52.google.com with SMTP id a68so8379554otb.10; Mon, 18 May 2020 08:39:01 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=0LcTR2IyUtvqpuiuc1h/s5Tf2+kg7L56DEidAlFsuF0=; b=IR+K7Lmx8chNL/63lakbKE+yY4DVWHoNp6/q9Xex33kWGe2SEe2oDneqWTvS4g++GT gzTFYbQdNWN7yL5X96QYzeb5dtOPsVicwcdysLZGkqueXmCo7mGiUcdId8G2FUO8RoOJ ZokrK+0IN3rPQvHoly7U23ZlY7cskYeomr+k+THMSbU5OTFoVdsTfFYc5B0H0II2juuM IkFbmt1O+7w8hi4XRExh3fkS/mpWzTRYsl+potGXDxDJqXxjtk9pMqw0tHFYctNUmptn 3bmRX9wMjrcefJHoJEYmlGI5kmg177/CXRv7V2ZLoUh+Qi54Wdu3IZUGzTWJQiR5ImMR yGGw== X-Gm-Message-State: AOAM530NTnypDqWeKhDNj+HKP8tKdKnoAU76AcYtni4m9XAHbMB58ggw PkmD7r2ZoRwoJAmWVUrPNYWrs57R X-Google-Smtp-Source: ABdhPJxjXgjIn77zot3e2DwOksAIvG40M3hPSfdwN7KfXaNix1XV4UC19Nc2aTeK/lTBIStd6O93gw== X-Received: by 2002:a9d:20e7:: with SMTP id x94mr7767162ota.260.1589816339308; Mon, 18 May 2020 08:38:59 -0700 (PDT) Received: from mail-oo1-f43.google.com (mail-oo1-f43.google.com. [209.85.161.43]) by smtp.gmail.com with ESMTPSA id p18sm2888714oth.2.2020.05.18.08.38.58 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 18 May 2020 08:38:59 -0700 (PDT) Received: by mail-oo1-f43.google.com with SMTP id a83so2119312oob.9; Mon, 18 May 2020 08:38:58 -0700 (PDT) X-Received: by 2002:a4a:9c09:: with SMTP id y9mr11834155ooj.43.1589816338243; Mon, 18 May 2020 08:38:58 -0700 (PDT) MIME-Version: 1.0 References: <202005181007.04IA713t089936@repo.freebsd.org> In-Reply-To: <202005181007.04IA713t089936@repo.freebsd.org> Reply-To: cem@freebsd.org From: Conrad Meyer Date: Mon, 18 May 2020 08:38:46 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: svn commit: r361209 - head/sys/netinet To: Michael Tuexen Cc: src-committers , svn-src-all , svn-src-head Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 49Qjq93YY8z3fdZ X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; TAGGED_FROM(0.00)[] X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 18 May 2020 15:39:01 -0000 Hi Michael, These changes are a bit odd. The only reason a standards-compliant snprintf() would fail to nul-terminate a buffer is if the provided buffer had length zero. Since this is not the case in any of these uses, I wonder why this revision was made? Does a SCTP downstream have a broken snprintf implementation, and if so, wouldn't it make more sense to create a standards-compliant portability shim for that platform instead of this more invasive change? FreeBSD's snprintf(9) does not have this bug, nor does its snprintf(3). Best regards, Conrad On Mon, May 18, 2020 at 3:07 AM Michael Tuexen wrote: > > Author: tuexen > Date: Mon May 18 10:07:01 2020 > New Revision: 361209 > URL: https://svnweb.freebsd.org/changeset/base/361209 > > Log: > Handle failures of snprintf(). > > MFC after: 3 days > > Modified: > head/sys/netinet/sctp_asconf.c > head/sys/netinet/sctp_indata.c > head/sys/netinet/sctp_input.c > head/sys/netinet/sctp_output.c > head/sys/netinet/sctp_pcb.c > > Modified: head/sys/netinet/sctp_asconf.c > ============================================================================== > --- head/sys/netinet/sctp_asconf.c Mon May 18 09:46:51 2020 (r361208) > +++ head/sys/netinet/sctp_asconf.c Mon May 18 10:07:01 2020 (r361209) > @@ -1706,8 +1706,9 @@ sctp_handle_asconf_ack(struct mbuf *m, int offset, > char msg[SCTP_DIAG_INFO_LEN]; > > SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf_ack: got unexpected next serial number! Aborting asoc!\n"); > - snprintf(msg, sizeof(msg), "Never sent serial number %8.8x", > - serial_num); > + if (snprintf(msg, sizeof(msg), "Never sent serial number %8.8x", serial_num) < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); > *abort_no_unlock = 1; > > Modified: head/sys/netinet/sctp_indata.c > ============================================================================== > --- head/sys/netinet/sctp_indata.c Mon May 18 09:46:51 2020 (r361208) > +++ head/sys/netinet/sctp_indata.c Mon May 18 10:07:01 2020 (r361209) > @@ -434,22 +434,26 @@ sctp_abort_in_reasm(struct sctp_tcb *stcb, > struct mbuf *oper; > > if (stcb->asoc.idata_supported) { > - snprintf(msg, sizeof(msg), > + if (snprintf(msg, sizeof(msg), > "Reass %x,CF:%x,TSN=%8.8x,SID=%4.4x,FSN=%8.8x,MID:%8.8x", > opspot, > control->fsn_included, > chk->rec.data.tsn, > chk->rec.data.sid, > - chk->rec.data.fsn, chk->rec.data.mid); > + chk->rec.data.fsn, chk->rec.data.mid) < 0) { > + msg[0] = '\0'; > + } > } else { > - snprintf(msg, sizeof(msg), > + if (snprintf(msg, sizeof(msg), > "Reass %x,CI:%x,TSN=%8.8x,SID=%4.4x,FSN=%4.4x,SSN:%4.4x", > opspot, > control->fsn_included, > chk->rec.data.tsn, > chk->rec.data.sid, > chk->rec.data.fsn, > - (uint16_t)chk->rec.data.mid); > + (uint16_t)chk->rec.data.mid) < 0) { > + msg[0] = '\0'; > + } > } > oper = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > sctp_m_freem(chk->data); > @@ -533,15 +537,19 @@ sctp_queue_data_to_stream(struct sctp_tcb *stcb, > */ > TAILQ_INSERT_HEAD(&strm->inqueue, control, next_instrm); > if (asoc->idata_supported) { > - snprintf(msg, sizeof(msg), "Delivered MID=%8.8x, got TSN=%8.8x, SID=%4.4x, MID=%8.8x", > + if (snprintf(msg, sizeof(msg), "Delivered MID=%8.8x, got TSN=%8.8x, SID=%4.4x, MID=%8.8x", > strm->last_mid_delivered, control->sinfo_tsn, > - control->sinfo_stream, control->mid); > + control->sinfo_stream, control->mid) < 0) { > + msg[0] = '\0'; > + } > } else { > - snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", > + if (snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", > (uint16_t)strm->last_mid_delivered, > control->sinfo_tsn, > control->sinfo_stream, > - (uint16_t)control->mid); > + (uint16_t)control->mid) < 0) { > + msg[0] = '\0'; > + } > } > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_2; > @@ -648,9 +656,10 @@ sctp_queue_data_to_stream(struct sctp_tcb *stcb, > * to put it on the queue. > */ > if (sctp_place_control_in_stream(strm, asoc, control)) { > - snprintf(msg, sizeof(msg), > - "Queue to str MID: %u duplicate", > - control->mid); > + if (snprintf(msg, sizeof(msg), > + "Queue to str MID: %u duplicate", control->mid) < 0) { > + msg[0] = '\0'; > + } > sctp_clean_up_control(stcb, control); > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_3; > @@ -1881,8 +1890,9 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc > * can *not* be fsn 0. XXX: This can happen in case of a > * wrap around. Ignore is for now. > */ > - snprintf(msg, sizeof(msg), "FSN zero for MID=%8.8x, but flags=%2.2x", > - mid, chk_flags); > + if (snprintf(msg, sizeof(msg), "FSN zero for MID=%8.8x, but flags=%2.2x", mid, chk_flags) < 0) { > + msg[0] = '\0'; > + } > goto err_out; > } > control = sctp_find_reasm_entry(&asoc->strmin[sid], mid, ordered, asoc->idata_supported); > @@ -1893,7 +1903,9 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc > if (control != NULL) { > /* We found something, does it belong? */ > if (ordered && (mid != control->mid)) { > - snprintf(msg, sizeof(msg), "Reassembly problem (MID=%8.8x)", mid); > + if (snprintf(msg, sizeof(msg), "Reassembly problem (MID=%8.8x)", mid) < 0) { > + msg[0] = '\0'; > + } > err_out: > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_16; > @@ -1906,8 +1918,11 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc > * We can't have a switched order with an > * unordered chunk > */ > - snprintf(msg, sizeof(msg), "All fragments of a user message must be ordered or unordered (TSN=%8.8x)", > - tsn); > + if (snprintf(msg, sizeof(msg), > + "All fragments of a user message must be ordered or unordered (TSN=%8.8x)", > + tsn) < 0) { > + msg[0] = '\0'; > + } > goto err_out; > } > if (!ordered && (((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED) == 0)) { > @@ -1915,8 +1930,11 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc > * We can't have a switched unordered with a > * ordered chunk > */ > - snprintf(msg, sizeof(msg), "All fragments of a user message must be ordered or unordered (TSN=%8.8x)", > - tsn); > + if (snprintf(msg, sizeof(msg), > + "All fragments of a user message must be ordered or unordered (TSN=%8.8x)", > + tsn) < 0) { > + msg[0] = '\0'; > + } > goto err_out; > } > } > @@ -1930,12 +1948,18 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc > if (ordered || asoc->idata_supported) { > SCTPDBG(SCTP_DEBUG_XXX, "chunk_flags: 0x%x dup detected on MID: %u\n", > chk_flags, mid); > - snprintf(msg, sizeof(msg), "Duplicate MID=%8.8x detected.", mid); > + if (snprintf(msg, sizeof(msg), "Duplicate MID=%8.8x detected.", mid) < 0) { > + msg[0] = '\0'; > + } > goto err_out; > } else { > if ((tsn == control->fsn_included + 1) && > (control->end_added == 0)) { > - snprintf(msg, sizeof(msg), "Illegal message sequence, missing end for MID: %8.8x", control->fsn_included); > + if (snprintf(msg, sizeof(msg), > + "Illegal message sequence, missing end for MID: %8.8x", > + control->fsn_included) < 0) { > + msg[0] = '\0'; > + } > goto err_out; > } else { > control = NULL; > @@ -2032,17 +2056,21 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc > mid, asoc->strmin[sid].last_mid_delivered); > > if (asoc->idata_supported) { > - snprintf(msg, sizeof(msg), "Delivered MID=%8.8x, got TSN=%8.8x, SID=%4.4x, MID=%8.8x", > + if (snprintf(msg, sizeof(msg), "Delivered MID=%8.8x, got TSN=%8.8x, SID=%4.4x, MID=%8.8x", > asoc->strmin[sid].last_mid_delivered, > tsn, > sid, > - mid); > + mid) < 0) { > + msg[0] = '\0'; > + } > } else { > - snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", > + if (snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", > (uint16_t)asoc->strmin[sid].last_mid_delivered, > tsn, > sid, > - (uint16_t)mid); > + (uint16_t)mid) < 0) { > + msg[0] = '\0'; > + } > } > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_17; > @@ -2769,7 +2797,9 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o > struct mbuf *op_err; > char msg[SCTP_DIAG_INFO_LEN]; > > - snprintf(msg, sizeof(msg), "%s", "I-DATA chunk received when DATA was negotiated"); > + if (snprintf(msg, sizeof(msg), "%s", "I-DATA chunk received when DATA was negotiated") < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_20; > sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); > @@ -2780,7 +2810,9 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o > struct mbuf *op_err; > char msg[SCTP_DIAG_INFO_LEN]; > > - snprintf(msg, sizeof(msg), "%s", "DATA chunk received when I-DATA was negotiated"); > + if (snprintf(msg, sizeof(msg), "%s", "DATA chunk received when I-DATA was negotiated") < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_21; > sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); > @@ -2803,9 +2835,11 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o > struct mbuf *op_err; > char msg[SCTP_DIAG_INFO_LEN]; > > - snprintf(msg, sizeof(msg), "%s chunk of length %u", > + if (snprintf(msg, sizeof(msg), "%s chunk of length %u", > ch->chunk_type == SCTP_DATA ? "DATA" : "I-DATA", > - chk_length); > + chk_length) < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_22; > sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); > @@ -2874,8 +2908,10 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o > struct mbuf *op_err; > char msg[SCTP_DIAG_INFO_LEN]; > > - snprintf(msg, sizeof(msg), "DATA chunk followed by chunk of type %2.2x", > - ch->chunk_type); > + if (snprintf(msg, sizeof(msg), "DATA chunk followed by chunk of type %2.2x", > + ch->chunk_type) < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); > return (2); > @@ -2893,8 +2929,9 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o > struct mbuf *op_err; > char msg[SCTP_DIAG_INFO_LEN]; > > - snprintf(msg, sizeof(msg), "Chunk of length %u", > - chk_length); > + if (snprintf(msg, sizeof(msg), "Chunk of length %u", chk_length) < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_23; > sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); > @@ -4043,8 +4080,11 @@ sctp_express_handle_sack(struct sctp_tcb *stcb, uint32 > > *abort_now = 1; > /* XXX */ > - snprintf(msg, sizeof(msg), "Cum ack %8.8x greater or equal than TSN %8.8x", > - cumack, send_s); > + if (snprintf(msg, sizeof(msg), > + "Cum ack %8.8x greater or equal than TSN %8.8x", > + cumack, send_s) < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_24; > sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); > @@ -4585,8 +4625,11 @@ sctp_handle_sack(struct mbuf *m, int offset_seg, int o > hopeless_peer: > *abort_now = 1; > /* XXX */ > - snprintf(msg, sizeof(msg), "Cum ack %8.8x greater or equal than TSN %8.8x", > - cum_ack, send_s); > + if (snprintf(msg, sizeof(msg), > + "Cum ack %8.8x greater or equal than TSN %8.8x", > + cum_ack, send_s) < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_28; > sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); > @@ -5629,9 +5672,11 @@ sctp_handle_forward_tsn(struct sctp_tcb *stcb, > * give out). This must be an attacker. > */ > *abort_flag = 1; > - snprintf(msg, sizeof(msg), > + if (snprintf(msg, sizeof(msg), > "New cum ack %8.8x too high, highest TSN %8.8x", > - new_cum_tsn, asoc->highest_tsn_inside_map); > + new_cum_tsn, asoc->highest_tsn_inside_map) < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_36; > sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); > > Modified: head/sys/netinet/sctp_input.c > ============================================================================== > --- head/sys/netinet/sctp_input.c Mon May 18 09:46:51 2020 (r361208) > +++ head/sys/netinet/sctp_input.c Mon May 18 10:07:01 2020 (r361209) > @@ -4692,7 +4692,9 @@ sctp_process_control(struct mbuf *m, int iphlen, int * > } > } > if (stcb == NULL) { > - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); > + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > msg); > /* no association, so it's out of the blue... */ > @@ -4734,7 +4736,9 @@ sctp_process_control(struct mbuf *m, int iphlen, int * > if (stcb != NULL) { > SCTP_TCB_UNLOCK(stcb); > } > - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); > + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > msg); > sctp_handle_ootb(m, iphlen, *offset, src, dst, > @@ -5671,7 +5675,9 @@ sctp_common_input_processing(struct mbuf **mm, int iph > SCTP_TCB_UNLOCK(stcb); > stcb = NULL; > SCTP_PROBE5(receive, NULL, stcb, m, stcb, sh); > - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); > + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > msg); > sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, op_err, > @@ -5733,7 +5739,9 @@ sctp_common_input_processing(struct mbuf **mm, int iph > if (stcb == NULL) { > /* out of the blue DATA chunk */ > SCTP_PROBE5(receive, NULL, NULL, m, NULL, sh); > - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); > + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > msg); > sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, op_err, > @@ -5799,7 +5807,9 @@ sctp_common_input_processing(struct mbuf **mm, int iph > /* > * We consider OOTB any data sent during asoc setup. > */ > - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); > + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > msg); > sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, op_err, > > Modified: head/sys/netinet/sctp_output.c > ============================================================================== > --- head/sys/netinet/sctp_output.c Mon May 18 09:46:51 2020 (r361208) > +++ head/sys/netinet/sctp_output.c Mon May 18 10:07:01 2020 (r361209) > @@ -5581,7 +5581,9 @@ do_a_abort: > if (op_err == NULL) { > char msg[SCTP_DIAG_INFO_LEN]; > > - snprintf(msg, sizeof(msg), "%s:%d at %s", __FILE__, __LINE__, __func__); > + if (snprintf(msg, sizeof(msg), "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > msg); > } > @@ -6758,8 +6760,10 @@ sctp_sendall_iterator(struct sctp_inpcb *inp, struct s > char msg[SCTP_DIAG_INFO_LEN]; > > abort_anyway: > - snprintf(msg, sizeof(msg), > - "%s:%d at %s", __FILE__, __LINE__, __func__); > + if (snprintf(msg, sizeof(msg), > + "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > msg); > atomic_add_int(&stcb->asoc.refcnt, 1); > @@ -9626,8 +9630,10 @@ sctp_chunk_retransmission(struct sctp_inpcb *inp, > struct mbuf *op_err; > char msg[SCTP_DIAG_INFO_LEN]; > > - snprintf(msg, sizeof(msg), "TSN %8.8x retransmitted %d times, giving up", > - chk->rec.data.tsn, chk->snd_count); > + if (snprintf(msg, sizeof(msg), "TSN %8.8x retransmitted %d times, giving up", > + chk->rec.data.tsn, chk->snd_count) < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > msg); > atomic_add_int(&stcb->asoc.refcnt, 1); > @@ -13610,8 +13616,10 @@ dataless_eof: > atomic_add_int(&stcb->asoc.refcnt, -1); > free_cnt_applied = 0; > } > - snprintf(msg, sizeof(msg), > - "%s:%d at %s", __FILE__, __LINE__, __func__); > + if (snprintf(msg, sizeof(msg), > + "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > msg); > NET_EPOCH_ENTER(et); > > Modified: head/sys/netinet/sctp_pcb.c > ============================================================================== > --- head/sys/netinet/sctp_pcb.c Mon May 18 09:46:51 2020 (r361208) > +++ head/sys/netinet/sctp_pcb.c Mon May 18 10:07:01 2020 (r361209) > @@ -544,9 +544,13 @@ sctp_add_addr_to_vrf(uint32_t vrf_id, void *ifn, uint3 > atomic_add_int(&vrf->refcount, 1); > sctp_ifnp->ifn_mtu = SCTP_GATHER_MTU_FROM_IFN_INFO(ifn, ifn_index, addr->sa_family); > if (if_name != NULL) { > - snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", if_name); > + if (snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", if_name) < 0) { > + sctp_ifnp->ifn_name[0] = '\0'; > + } > } else { > - snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", "unknown"); > + if (snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", "unknown") < 0) { > + sctp_ifnp->ifn_name[0] = '\0'; > + } > } > hash_ifn_head = &SCTP_BASE_INFO(vrf_ifn_hash)[(ifn_index & SCTP_BASE_INFO(vrf_ifn_hashmark))]; > LIST_INIT(&sctp_ifnp->ifalist); > @@ -6221,8 +6225,10 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, s > * in setup state we > * abort this guy > */ > - snprintf(msg, sizeof(msg), > - "%s:%d at %s", __FILE__, __LINE__, __func__); > + if (snprintf(msg, sizeof(msg), > + "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > msg); > sctp_abort_an_association(stcb_tmp->sctp_ep, > @@ -6321,8 +6327,10 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, s > * in setup state we > * abort this guy > */ > - snprintf(msg, sizeof(msg), > - "%s:%d at %s", __FILE__, __LINE__, __func__); > + if (snprintf(msg, sizeof(msg), > + "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > + msg[0] = '\0'; > + } > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > msg); > sctp_abort_an_association(stcb_tmp->sctp_ep,