Date: Sun, 22 Nov 2009 23:51:51 +0000 (UTC) From: Attilio Rao <attilio@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org Subject: svn commit: r199683 - stable/7/sys/kern Message-ID: <200911222351.nAMNpp5c033502@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: attilio Date: Sun Nov 22 23:51:51 2009 New Revision: 199683 URL: http://svn.freebsd.org/changeset/base/199683 Log: MFC r199209: Fix a potential buffer boundaries overflow in devclass_add_device() by using all available int lenghts digits for storing the information. Modified: stable/7/sys/kern/subr_bus.c Directory Properties: stable/7/sys/ (props changed) stable/7/sys/contrib/pf/ (props changed) Modified: stable/7/sys/kern/subr_bus.c ============================================================================== --- stable/7/sys/kern/subr_bus.c Sun Nov 22 23:46:44 2009 (r199682) +++ stable/7/sys/kern/subr_bus.c Sun Nov 22 23:51:51 2009 (r199683) @@ -35,6 +35,7 @@ __FBSDID("$FreeBSD$"); #include <sys/lock.h> #include <sys/kernel.h> #include <sys/kobj.h> +#include <sys/limits.h> #include <sys/malloc.h> #include <sys/module.h> #include <sys/mutex.h> @@ -1394,7 +1395,7 @@ devclass_add_device(devclass_t dc, devic PDEBUG(("%s in devclass %s", DEVICENAME(dev), DEVCLANAME(dc))); - buflen = snprintf(NULL, 0, "%s%d$", dc->name, dev->unit); + buflen = snprintf(NULL, 0, "%s%d$", dc->name, INT_MAX); if (buflen < 0) return (ENOMEM); dev->nameunit = malloc(buflen, M_BUS, M_NOWAIT|M_ZERO);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200911222351.nAMNpp5c033502>