Date: Sun, 25 Jan 2015 19:45:44 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r277709 - head/sys/netinet Message-ID: <201501251945.t0PJjikt046431@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jhb Date: Sun Jan 25 19:45:44 2015 New Revision: 277709 URL: https://svnweb.freebsd.org/changeset/base/277709 Log: Use an sbuf to generate the output of the net.inet.tcp.hostcache.list sysctl to avoid a possible buffer overflow if the cache grows while the text is being generated. PR: 172675 MFC after: 2 weeks Modified: head/sys/netinet/tcp_hostcache.c Modified: head/sys/netinet/tcp_hostcache.c ============================================================================== --- head/sys/netinet/tcp_hostcache.c Sun Jan 25 19:21:37 2015 (r277708) +++ head/sys/netinet/tcp_hostcache.c Sun Jan 25 19:45:44 2015 (r277709) @@ -73,6 +73,7 @@ __FBSDID("$FreeBSD$"); #include <sys/lock.h> #include <sys/mutex.h> #include <sys/malloc.h> +#include <sys/sbuf.h> #include <sys/socket.h> #include <sys/socketvar.h> #include <sys/sysctl.h> @@ -595,30 +596,27 @@ tcp_hc_update(struct in_conninfo *inc, s static int sysctl_tcp_hc_list(SYSCTL_HANDLER_ARGS) { - int bufsize; int linesize = 128; - char *p, *buf; - int len, i, error; + struct sbuf sb; + int i, error; struct hc_metrics *hc_entry; #ifdef INET6 char ip6buf[INET6_ADDRSTRLEN]; #endif - bufsize = linesize * (V_tcp_hostcache.cache_count + 1); + sbuf_new(&sb, NULL, linesize * (V_tcp_hostcache.cache_count + 1), + SBUF_FIXEDLEN); - p = buf = (char *)malloc(bufsize, M_TEMP, M_WAITOK|M_ZERO); - - len = snprintf(p, linesize, - "\nIP address MTU SSTRESH RTT RTTVAR BANDWIDTH " + sbuf_printf(&sb, + "\nIP address MTU SSTRESH RTT RTTVAR BANDWIDTH " " CWND SENDPIPE RECVPIPE HITS UPD EXP\n"); - p += len; #define msec(u) (((u) + 500) / 1000) for (i = 0; i < V_tcp_hostcache.hashsize; i++) { THC_LOCK(&V_tcp_hostcache.hashbase[i].hch_mtx); TAILQ_FOREACH(hc_entry, &V_tcp_hostcache.hashbase[i].hch_bucket, rmx_q) { - len = snprintf(p, linesize, + sbuf_printf(&sb, "%-15s %5lu %8lu %6lums %6lums %9lu %8lu %8lu %8lu " "%4lu %4lu %4i\n", hc_entry->ip4.s_addr ? inet_ntoa(hc_entry->ip4) : @@ -640,13 +638,13 @@ sysctl_tcp_hc_list(SYSCTL_HANDLER_ARGS) hc_entry->rmx_hits, hc_entry->rmx_updates, hc_entry->rmx_expire); - p += len; } THC_UNLOCK(&V_tcp_hostcache.hashbase[i].hch_mtx); } #undef msec - error = SYSCTL_OUT(req, buf, p - buf); - free(buf, M_TEMP); + sbuf_finish(&sb); + error = SYSCTL_OUT(req, sbuf_data(&sb), sbuf_len(&sb)); + sbuf_delete(&sb); return(error); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201501251945.t0PJjikt046431>