Date: Fri, 7 Sep 2012 02:10:32 +0000 From: John <jwd@FreeBSD.org> To: FreeBSD GEOM <freebsd-geom@FreeBSD.org> Subject: Minor argument checking patch Message-ID: <20120907021031.GA16706@FreeBSD.org>
next in thread | raw e-mail | index | archive | help
Hi Folks,
I lost some time recently chasing a bug in a script. Turns
out gstripe (and friends) politely accept a device name as the
label name.
Anyone want to commit, or mind if I commit, a simple change?
# gstripe label -v /dev/multipath/S6[12345678]
gstripe: Invalid label: /dev/multipath/S61
I'd also be willing to say that we should validate that the label
name doesn't exceed sizeof(md.md_name) - currently silently truncated.
Thoughts?
Thanks,
John
Sample patch
--- geom_stripe.c.orig 2012-09-06 21:32:00.000000000 -0400
+++ geom_stripe.c 2012-09-06 21:46:48.000000000 -0400
@@ -136,6 +136,16 @@
hardcode = gctl_get_int(req, "hardcode");
/*
+ * Validate name prior to any device changes
+ */
+ name = gctl_get_ascii(req, "arg0");
+ if (strchr(name,'/') != NULL) {
+ gctl_error(req, "Invalid label: %s", name);
+ return;
+ }
+ strlcpy(md.md_name, name, sizeof(md.md_name));
+
+ /*
* Clear last sector first to spoil all components if device exists.
*/
compsize = 0;
@@ -167,8 +177,6 @@
strlcpy(md.md_magic, G_STRIPE_MAGIC, sizeof(md.md_magic));
md.md_version = G_STRIPE_VERSION;
- name = gctl_get_ascii(req, "arg0");
- strlcpy(md.md_name, name, sizeof(md.md_name));
md.md_id = arc4random();
md.md_all = nargs - 1;
stripesize = gctl_get_intmax(req, "stripesize");
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120907021031.GA16706>