From: Conrad Meyer
Date: Mon, 18 May 2020 08:48:33 -0700
Subject: Re: svn commit: r361209 - head/sys/netinet
To: Michael Tuexen
Cc: src-committers, svn-src-all, svn-src-head

(In fact, I don't believe snprintf(9) can return a negative value at all. And snprintf(3) will only do so in some special circumstances for features snprintf(9) does not support: buffer size or formatted result longer than INT_MAX; invalid *nn$ field width or precision specifiers. I don't think either case applies to these strings, although I did not read all of them thoroughly.)

On Mon, May 18, 2020 at 8:38 AM Conrad Meyer wrote:
>
> Hi Michael,
>
> These changes are a bit odd. The only reason a standards-compliant
> snprintf() would fail to nul-terminate a buffer is if the provided
> buffer had length zero. Since this is not the case in any of these
> uses, I wonder why this revision was made? Does a SCTP downstream
> have a broken snprintf implementation, and if so, wouldn't it make
> more sense to create a standards-compliant portability shim for that
> platform instead of this more invasive change?
>
> FreeBSD's snprintf(9) does not have this bug, nor does its snprintf(3).
>
> Best regards,
> Conrad
>
> On Mon, May 18, 2020 at 3:07 AM Michael Tuexen wrote:
> >
> > Author: tuexen
> > Date: Mon May 18 10:07:01 2020
> > New Revision: 361209
> > URL: https://svnweb.freebsd.org/changeset/base/361209
> >
> > Log:
> >   Handle failures of snprintf().
> >
> >   MFC after: 3 days
> >
> > Modified:
> >   head/sys/netinet/sctp_asconf.c
> >   head/sys/netinet/sctp_indata.c
> >   head/sys/netinet/sctp_input.c
> >   head/sys/netinet/sctp_output.c
> >   head/sys/netinet/sctp_pcb.c
> >
> > Modified: head/sys/netinet/sctp_asconf.c > > ============================================================================== > > --- head/sys/netinet/sctp_asconf.c Mon May 18 09:46:51 2020 (r361208) > > +++ head/sys/netinet/sctp_asconf.c Mon May 18 10:07:01 2020 (r361209) 
> > @@ -1706,8 +1706,9 @@ sctp_handle_asconf_ack(struct mbuf *m, int offset, > > char msg[SCTP_DIAG_INFO_LEN]; > > > > SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf_ack: got unexpected next serial number! Aborting asoc!\n"); > > - snprintf(msg, sizeof(msg), "Never sent serial number %8.8x", > > - serial_num); > > + if (snprintf(msg, sizeof(msg), "Never sent serial number %8.8x", serial_num) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); > > *abort_no_unlock = 1; > > > > Modified: head/sys/netinet/sctp_indata.c > > ============================================================================== > > --- head/sys/netinet/sctp_indata.c Mon May 18 09:46:51 2020 (r361208) > > +++ head/sys/netinet/sctp_indata.c Mon May 18 10:07:01 2020 (r361209) > > @@ -434,22 +434,26 @@ sctp_abort_in_reasm(struct sctp_tcb *stcb, > > struct mbuf *oper; > > > > if (stcb->asoc.idata_supported) { > > - snprintf(msg, sizeof(msg), > > + if (snprintf(msg, sizeof(msg), > > "Reass %x,CF:%x,TSN=%8.8x,SID=%4.4x,FSN=%8.8x,MID:%8.8x", > > opspot, > > control->fsn_included, > > chk->rec.data.tsn, > > chk->rec.data.sid, > > - chk->rec.data.fsn, chk->rec.data.mid); > > + chk->rec.data.fsn, chk->rec.data.mid) < 0) { > > + msg[0] = '\0'; > > + } > > } else { > > - snprintf(msg, sizeof(msg), > > + if (snprintf(msg, sizeof(msg), > > "Reass %x,CI:%x,TSN=%8.8x,SID=%4.4x,FSN=%4.4x,SSN:%4.4x", > > opspot, > > control->fsn_included, > > chk->rec.data.tsn, > > chk->rec.data.sid, > > chk->rec.data.fsn, > > - (uint16_t)chk->rec.data.mid); > > + (uint16_t)chk->rec.data.mid) < 0) { > > + msg[0] = '\0'; > > + } > > } > > oper = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > sctp_m_freem(chk->data); 
> > @@ -533,15 +537,19 @@ sctp_queue_data_to_stream(struct sctp_tcb *stcb, > > */ > > TAILQ_INSERT_HEAD(&strm->inqueue, control, next_instrm); > > if (asoc->idata_supported) { > > - snprintf(msg, sizeof(msg), "Delivered MID=%8.8x, got TSN=%8.8x, SID=%4.4x, MID=%8.8x", > > + if (snprintf(msg, sizeof(msg), "Delivered MID=%8.8x, got TSN=%8.8x, SID=%4.4x, MID=%8.8x", > > strm->last_mid_delivered, control->sinfo_tsn, > > - control->sinfo_stream, control->mid); > > + control->sinfo_stream, control->mid) < 0) { > > + msg[0] = '\0'; > > + } > > } else { > > - snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", > > + if (snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", > > (uint16_t)strm->last_mid_delivered, > > control->sinfo_tsn, > > control->sinfo_stream, > > - (uint16_t)control->mid); > > + (uint16_t)control->mid) < 0) { > > + msg[0] = '\0'; > > + } > > } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_2; > > @@ -648,9 +656,10 @@ sctp_queue_data_to_stream(struct sctp_tcb *stcb, > > * to put it on the queue. > > */ > > if (sctp_place_control_in_stream(strm, asoc, control)) { > > - snprintf(msg, sizeof(msg), > > - "Queue to str MID: %u duplicate", > > - control->mid); > > + if (snprintf(msg, sizeof(msg), > > + "Queue to str MID: %u duplicate", control->mid) < 0) { > > + msg[0] = '\0'; > > + } > > sctp_clean_up_control(stcb, control); > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_3; 
> > @@ -1881,8 +1890,9 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc > > * can *not* be fsn 0. XXX: This can happen in case of a > > * wrap around. Ignore is for now. > > */ > > - snprintf(msg, sizeof(msg), "FSN zero for MID=%8.8x, but flags=%2.2x", > > - mid, chk_flags); > > + if (snprintf(msg, sizeof(msg), "FSN zero for MID=%8.8x, but flags=%2.2x", mid, chk_flags) < 0) { > > + msg[0] = '\0'; > > + } > > goto err_out; > > } > > control = sctp_find_reasm_entry(&asoc->strmin[sid], mid, ordered, asoc->idata_supported); > > @@ -1893,7 +1903,9 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc > > if (control != NULL) { > > /* We found something, does it belong? */ > > if (ordered && (mid != control->mid)) { > > - snprintf(msg, sizeof(msg), "Reassembly problem (MID=%8.8x)", mid); > > + if (snprintf(msg, sizeof(msg), "Reassembly problem (MID=%8.8x)", mid) < 0) { > > + msg[0] = '\0'; > > + } > > err_out: > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_16; > > @@ -1906,8 +1918,11 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc > > * We can't have a switched order with an > > * unordered chunk > > */ > > - snprintf(msg, sizeof(msg), "All fragments of a user message must be ordered or unordered (TSN=%8.8x)", > > - tsn); > > + if (snprintf(msg, sizeof(msg), > > + "All fragments of a user message must be ordered or unordered (TSN=%8.8x)", > > + tsn) < 0) { > > + msg[0] = '\0'; > > + } > > goto err_out; > > } > > if (!ordered && (((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED) == 0)) { 
> > @@ -1915,8 +1930,11 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc > > * We can't have a switched unordered with a > > * ordered chunk > > */ > > - snprintf(msg, sizeof(msg), "All fragments of a user message must be ordered or unordered (TSN=%8.8x)", > > - tsn); > > + if (snprintf(msg, sizeof(msg), > > + "All fragments of a user message must be ordered or unordered (TSN=%8.8x)", > > + tsn) < 0) { > > + msg[0] = '\0'; > > + } > > goto err_out; > > } > > } > > @@ -1930,12 +1948,18 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc > > if (ordered || asoc->idata_supported) { > > SCTPDBG(SCTP_DEBUG_XXX, "chunk_flags: 0x%x dup detected on MID: %u\n", > > chk_flags, mid); > > - snprintf(msg, sizeof(msg), "Duplicate MID=%8.8x detected.", mid); > > + if (snprintf(msg, sizeof(msg), "Duplicate MID=%8.8x detected.", mid) < 0) { > > + msg[0] = '\0'; > > + } > > goto err_out; > > } else { > > if ((tsn == control->fsn_included + 1) && > > (control->end_added == 0)) { > > - snprintf(msg, sizeof(msg), "Illegal message sequence, missing end for MID: %8.8x", control->fsn_included); > > + if (snprintf(msg, sizeof(msg), > > + "Illegal message sequence, missing end for MID: %8.8x", > > + control->fsn_included) < 0) { > > + msg[0] = '\0'; > > + } > > goto err_out; > > } else { > > control = NULL; 
> > @@ -2032,17 +2056,21 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc > > mid, asoc->strmin[sid].last_mid_delivered); > > > > if (asoc->idata_supported) { > > - snprintf(msg, sizeof(msg), "Delivered MID=%8.8x, got TSN=%8.8x, SID=%4.4x, MID=%8.8x", > > + if (snprintf(msg, sizeof(msg), "Delivered MID=%8.8x, got TSN=%8.8x, SID=%4.4x, MID=%8.8x", > > asoc->strmin[sid].last_mid_delivered, > > tsn, > > sid, > > - mid); > > + mid) < 0) { > > + msg[0] = '\0'; > > + } > > } else { > > - snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", > > + if (snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", > > (uint16_t)asoc->strmin[sid].last_mid_delivered, > > tsn, > > sid, > > - (uint16_t)mid); > > + (uint16_t)mid) < 0) { > > + msg[0] = '\0'; > > + } > > } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_17; > > @@ -2769,7 +2797,9 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o > > struct mbuf *op_err; > > char msg[SCTP_DIAG_INFO_LEN]; > > > > - snprintf(msg, sizeof(msg), "%s", "I-DATA chunk received when DATA was negotiated"); > > + if (snprintf(msg, sizeof(msg), "%s", "I-DATA chunk received when DATA was negotiated") < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_20; > > sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); 
> > @@ -2780,7 +2810,9 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o > > struct mbuf *op_err; > > char msg[SCTP_DIAG_INFO_LEN]; > > > > - snprintf(msg, sizeof(msg), "%s", "DATA chunk received when I-DATA was negotiated"); > > + if (snprintf(msg, sizeof(msg), "%s", "DATA chunk received when I-DATA was negotiated") < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_21; > > sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); > > @@ -2803,9 +2835,11 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o > > struct mbuf *op_err; > > char msg[SCTP_DIAG_INFO_LEN]; > > > > - snprintf(msg, sizeof(msg), "%s chunk of length %u", > > + if (snprintf(msg, sizeof(msg), "%s chunk of length %u", > > ch->chunk_type == SCTP_DATA ? "DATA" : "I-DATA", > > - chk_length); > > + chk_length) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_22; > > sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); > > @@ -2874,8 +2908,10 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o > > struct mbuf *op_err; > > char msg[SCTP_DIAG_INFO_LEN]; > > > > - snprintf(msg, sizeof(msg), "DATA chunk followed by chunk of type %2.2x", > > - ch->chunk_type); > > + if (snprintf(msg, sizeof(msg), "DATA chunk followed by chunk of type %2.2x", > > + ch->chunk_type) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); > > return (2); 
> > @@ -2893,8 +2929,9 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o > > struct mbuf *op_err; > > char msg[SCTP_DIAG_INFO_LEN]; > > > > - snprintf(msg, sizeof(msg), "Chunk of length %u", > > - chk_length); > > + if (snprintf(msg, sizeof(msg), "Chunk of length %u", chk_length) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_23; > > sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); > > @@ -4043,8 +4080,11 @@ sctp_express_handle_sack(struct sctp_tcb *stcb, uint32 > > > > *abort_now = 1; > > /* XXX */ > > - snprintf(msg, sizeof(msg), "Cum ack %8.8x greater or equal than TSN %8.8x", > > - cumack, send_s); > > + if (snprintf(msg, sizeof(msg), > > + "Cum ack %8.8x greater or equal than TSN %8.8x", > > + cumack, send_s) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_24; > > sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); > > @@ -4585,8 +4625,11 @@ sctp_handle_sack(struct mbuf *m, int offset_seg, int o > > hopeless_peer: > > *abort_now = 1; > > /* XXX */ > > - snprintf(msg, sizeof(msg), "Cum ack %8.8x greater or equal than TSN %8.8x", > > - cum_ack, send_s); > > + if (snprintf(msg, sizeof(msg), > > + "Cum ack %8.8x greater or equal than TSN %8.8x", > > + cum_ack, send_s) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_28; > > sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); 
> > @@ -5629,9 +5672,11 @@ sctp_handle_forward_tsn(struct sctp_tcb *stcb, > > * give out). This must be an attacker. > > */ > > *abort_flag = 1; > > - snprintf(msg, sizeof(msg), > > + if (snprintf(msg, sizeof(msg), > > "New cum ack %8.8x too high, highest TSN %8.8x", > > - new_cum_tsn, asoc->highest_tsn_inside_map); > > + new_cum_tsn, asoc->highest_tsn_inside_map) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_36; > > sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); > > > > Modified: head/sys/netinet/sctp_input.c > > ============================================================================== > > --- head/sys/netinet/sctp_input.c Mon May 18 09:46:51 2020 (r361208) > > +++ head/sys/netinet/sctp_input.c Mon May 18 10:07:01 2020 (r361209) > > @@ -4692,7 +4692,9 @@ sctp_process_control(struct mbuf *m, int iphlen, int * > > } > > } > > if (stcb == NULL) { > > - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > /* no association, so it's out of the blue... */ > > @@ -4734,7 +4736,9 @@ sctp_process_control(struct mbuf *m, int iphlen, int * > > if (stcb != NULL) { > > SCTP_TCB_UNLOCK(stcb); > > } > > - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > sctp_handle_ootb(m, iphlen, *offset, src, dst, 
> > @@ -5671,7 +5675,9 @@ sctp_common_input_processing(struct mbuf **mm, int iph > > SCTP_TCB_UNLOCK(stcb); > > stcb = NULL; > > SCTP_PROBE5(receive, NULL, stcb, m, stcb, sh); > > - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, op_err, > > @@ -5733,7 +5739,9 @@ sctp_common_input_processing(struct mbuf **mm, int iph > > if (stcb == NULL) { > > /* out of the blue DATA chunk */ > > SCTP_PROBE5(receive, NULL, NULL, m, NULL, sh); > > - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, op_err, > > @@ -5799,7 +5807,9 @@ sctp_common_input_processing(struct mbuf **mm, int iph > > /* > > * We consider OOTB any data sent during asoc setup. > > */ > > - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, op_err, > > > > Modified: head/sys/netinet/sctp_output.c > > ============================================================================== > > --- head/sys/netinet/sctp_output.c Mon May 18 09:46:51 2020 (r361208) > > +++ head/sys/netinet/sctp_output.c Mon May 18 10:07:01 2020 (r361209) 
> > @@ -5581,7 +5581,9 @@ do_a_abort: > > if (op_err == NULL) { > > char msg[SCTP_DIAG_INFO_LEN]; > > > > - snprintf(msg, sizeof(msg), "%s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > } > > @@ -6758,8 +6760,10 @@ sctp_sendall_iterator(struct sctp_inpcb *inp, struct s > > char msg[SCTP_DIAG_INFO_LEN]; > > > > abort_anyway: > > - snprintf(msg, sizeof(msg), > > - "%s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), > > + "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > atomic_add_int(&stcb->asoc.refcnt, 1); > > @@ -9626,8 +9630,10 @@ sctp_chunk_retransmission(struct sctp_inpcb *inp, > > struct mbuf *op_err; > > char msg[SCTP_DIAG_INFO_LEN]; > > > > - snprintf(msg, sizeof(msg), "TSN %8.8x retransmitted %d times, giving up", > > - chk->rec.data.tsn, chk->snd_count); > > + if (snprintf(msg, sizeof(msg), "TSN %8.8x retransmitted %d times, giving up", > > + chk->rec.data.tsn, chk->snd_count) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > atomic_add_int(&stcb->asoc.refcnt, 1); 
> > @@ -13610,8 +13616,10 @@ dataless_eof: > > atomic_add_int(&stcb->asoc.refcnt, -1); > > free_cnt_applied = 0; > > } > > - snprintf(msg, sizeof(msg), > > - "%s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), > > + "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > NET_EPOCH_ENTER(et); > > > > Modified: head/sys/netinet/sctp_pcb.c > > ============================================================================== > > --- head/sys/netinet/sctp_pcb.c Mon May 18 09:46:51 2020 (r361208) > > +++ head/sys/netinet/sctp_pcb.c Mon May 18 10:07:01 2020 (r361209) > > @@ -544,9 +544,13 @@ sctp_add_addr_to_vrf(uint32_t vrf_id, void *ifn, uint3 > > atomic_add_int(&vrf->refcount, 1); > > sctp_ifnp->ifn_mtu = SCTP_GATHER_MTU_FROM_IFN_INFO(ifn, ifn_index, addr->sa_family); > > if (if_name != NULL) { > > - snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", if_name); > > + if (snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", if_name) < 0) { > > + sctp_ifnp->ifn_name[0] = '\0'; > > + } > > } else { > > - snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", "unknown"); > > + if (snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", "unknown") < 0) { > > + sctp_ifnp->ifn_name[0] = '\0'; > > + } > > } > > hash_ifn_head = &SCTP_BASE_INFO(vrf_ifn_hash)[(ifn_index & SCTP_BASE_INFO(vrf_ifn_hashmark))]; > > LIST_INIT(&sctp_ifnp->ifalist); > > @@ -6221,8 +6225,10 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, s > > * in setup state we > > * abort this guy > > */ > > - snprintf(msg, sizeof(msg), > > - "%s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), > > + "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > sctp_abort_an_association(stcb_tmp->sctp_ep, 
> > @@ -6321,8 +6327,10 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, s > > * in setup state we > > * abort this guy > > */ > > - snprintf(msg, sizeof(msg), > > - "%s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), > > + "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > sctp_abort_an_association(stcb_tmp->sctp_ep,
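
Review bot: In sctp_handle_asconf_ack() (sctp_asconf.c, @@ -1706) the new `< 0` branch carries no comment saying which snprintf() implementation is expected to return a negative value, and the same three-line check is then repeated at every other call site in this commit. Suggest moving the check into one wrapper (for example a macro with a name such as SCTP_SNPRINTF, which is only a suggestion here) so the platform assumption is documented once and each call site stays a single statement.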
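
Review bot: In sctp_abort_in_reasm() (sctp_indata.c, @@ -434) the failure branch leaves msg as an empty string, which is still passed to sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg) a few lines later. Please confirm that an empty cause string is handled the way you want there, or fall back to a fixed literal in the branch so the abort cause is never empty; the same applies to the other hunks that end in sctp_generate_cause().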
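
Review bot: In sctp_process_data() (sctp_indata.c, @@ -2769 and @@ -2780) the checked call only copies a string literal through "%s", so there is no conversion that can fail and the new branch is effectively dead code. A bounded string copy such as strlcpy(msg, "...", sizeof(msg)), where the platform provides one, would state the intent directly and need no error branch.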
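
Review bot: In sctp_add_addr_to_vrf() (sctp_pcb.c, @@ -544) the return value is now examined, but only for `< 0`, so an if_name that does not fit in SCTP_IFNAMSIZ is still truncated without notice; with a conforming snprintf() that case shows up as a return value >= SCTP_IFNAMSIZ. If a truncated ifn_name matters to later users of sctp_ifnp, test for it here, otherwise add a comment that truncation is acceptable. The "unknown" branch formats a constant and does not need the check at all.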
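
The reply above suggests a portability shim for a platform whose snprintf() is not standards-compliant; the following is an added illustration of that idea, not code from FreeBSD or from this thread. `shim_snprintf`, `broken_vsnprintf` and the sample format arguments are hypothetical and constructed, and the shim returns the length actually stored rather than the C99 would-be length.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*vsnprintf_fn)(char *, size_t, const char *, va_list);

/* Backend 1: the platform's C99 vsnprintf(3). */
static int conforming_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
    return vsnprintf(buf, size, fmt, ap);
}

/* Backend 2 (constructed): mimics a non-conforming implementation that, on
 * truncation, fills the buffer without a NUL and returns -1. */
static int broken_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
    char tmp[256];
    int n = vsnprintf(tmp, sizeof(tmp), fmt, ap);

    if (n < 0 || (size_t)n >= sizeof(tmp))
        return -1;
    if ((size_t)n < size) {
        memcpy(buf, tmp, (size_t)n + 1);
        return n;
    }
    if (size > 0)
        memcpy(buf, tmp, size);      /* no terminator written */
    return -1;
}

/* Hypothetical shim: whatever the backend does, buf ends up holding a
 * NUL-terminated (possibly truncated or empty) string, and the return value
 * is that string's length, so call sites need no error branch. */
static size_t shim_snprintf(vsnprintf_fn backend, char *buf, size_t size,
                            const char *fmt, ...)
{
    va_list ap;

    if (size == 0)
        return 0;
    memset(buf, 0, size);            /* a failed backend leaves "" behind */
    va_start(ap, fmt);
    (void)backend(buf, size, fmt, ap);
    va_end(ap);
    buf[size - 1] = '\0';            /* terminate even if the backend did not */
    return strlen(buf);
}

/* The C99 behaviour the reply refers to: truncation still terminates the
 * buffer and returns the untruncated length, not a negative number. */
static int c99_truncated_return(char *buf, size_t size)
{
    return snprintf(buf, size, "Never sent serial number %8.8x", 0xdeadbeefU);
}

int main(void)
{
    char a[8], b[8], c[8];
    int n = c99_truncated_return(a, sizeof(a));
    size_t lb = shim_snprintf(conforming_vsnprintf, b, sizeof(b), "TSN=%8.8x", 0x1234U);
    size_t lc = shim_snprintf(broken_vsnprintf, c, sizeof(c), "TSN=%8.8x", 0x1234U);

    printf("c99:             ret=%d buf=\"%s\"\n", n, a);
    printf("shim/conforming: len=%zu buf=\"%s\"\n", lb, b);
    printf("shim/broken:     len=%zu buf=\"%s\"\n", lc, c);
    return 0;
}
```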