From owner-freebsd-bugs  Wed Dec 26  8: 0:11 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 4BD0C37B416
	for <freebsd-bugs@hub.freebsd.org>; Wed, 26 Dec 2001 08:00:01 -0800 (PST)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id fBQG01q47518;
	Wed, 26 Dec 2001 08:00:01 -0800 (PST)
	(envelope-from gnats)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id EE13D37B405
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 26 Dec 2001 07:55:07 -0800 (PST)
Received: (from robert@localhost)
	by fledge.watson.org (8.11.6/8.11.5) id fBQFt6445948;
	Wed, 26 Dec 2001 10:55:06 -0500 (EST)
	(envelope-from robert)
Message-Id: <200112261555.fBQFt6445948@fledge.watson.org>
Date: Wed, 26 Dec 2001 10:55:06 -0500 (EST)
From: Robert Watson <rwatson@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: kern/33201: net/net_osdep.c:if_name is broken
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org


>Number:         33201
>Category:       kern
>Synopsis:       net/net_osdep.c:if_name is broken
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Dec 26 08:00:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Robert Watson
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
NAI Labs
>Environment:
System: 

FreeBSD curry.decoverly.watson.org 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Sun Dec 23 23:15:06 EST 2001     rwatson@curry.decoverly.watson.org:/usr/obj/usr/src/sys/BKTR  i386

>Description:

While it doesn't actually currently result in a failure that I can find,
if_name() is written in a very failure-prone style:

const char *
if_name(ifp)
        struct ifnet *ifp;
{
#define MAXNUMBUF       8
        static char nam[MAXNUMBUF][IFNAMSIZ + 10];      /*enough?*/
        static int ifbufround = 0;
        char *cp;

        ifbufround = (ifbufround + 1) % MAXNUMBUF;
        cp = nam[ifbufround];

        snprintf(cp, IFNAMSIZ + 10, "%s%d", ifp->if_name, ifp->if_unit);
        return((const char *)cp);
#undef MAXNUMBUF
}

Returning pointers into the stack space of a function that is exiting
is *never* a good idea.

Also, this code suffers from a continuing confusion about the possible
size of interface name strings that seems widespread through the sack.
IFNAMSIZ should either be sufficient and used everywhere, or be fixed.
As it stands, I found several hard-coded variants on the them, and
the ifunit() code to build a device name also looked fairly suspect.

>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message