From owner-freebsd-usb@FreeBSD.ORG  Sun Sep  6 06:07:37 2009
Return-Path: <owner-freebsd-usb@FreeBSD.ORG>
Delivered-To: freebsd-usb@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BF099106566C;
	Sun,  6 Sep 2009 06:07:37 +0000 (UTC)
	(envelope-from hselasky@c2i.net)
Received: from swip.net (mailfe13.tele2.se [212.247.155.129])
	by mx1.freebsd.org (Postfix) with ESMTP id F297B8FC0A;
	Sun,  6 Sep 2009 06:07:36 +0000 (UTC)
X-Cloudmark-Score: 0.000000 []
X-Cloudmark-Analysis: v=1.0 c=1 a=4vnDIvHStfEA:10
	a=hlIU1J3LQChSjWV/CGRL5g==:17 a=uhh3LCbTrq6yCyuCZZQA:9
	a=hvR6Fimu8t7zZvyYG0gA:7 a=9jbu1FQZcCBn8Uht5V0gMpoINZ4A:4
	a=Yj1PFnEQd7U8ibVu:21 a=t7LCYPOdxU8YgLjZ:21
Received: from [193.217.167.6] (account mc467741@c2i.net HELO
	laptop.adsl.tele2.no)
	by mailfe13.swip.net (CommuniGate Pro SMTP 5.2.13)
	with ESMTPA id 916327944; Sun, 06 Sep 2009 08:07:34 +0200
From: Hans Petter Selasky <hselasky@c2i.net>
To: freebsd-usb@freebsd.org
Date: Sun, 6 Sep 2009 08:07:58 +0200
User-Agent: KMail/1.11.4 (FreeBSD/9.0-CURRENT; KDE/4.2.4; i386; ; )
References: <200909052214.n85ME42B047658@www.freebsd.org>
In-Reply-To: <200909052214.n85ME42B047658@www.freebsd.org>
X-Face: (%<A9p'; 5>:6u[ldzJ`0qjD7sCkfdMmD*RxpO<Q0yAl~?`'F?jDVb]E6TQ7'#h-VlLs}k/
	(yxg(p!IL.`#ng"%`BMrham7%UK,}VH\wUOm=^>wEEQ+KWt[{J#x6ow~JO:,zwp.(t; @Aq
	:4:&nFCgDb8[3oIeTb^'",;u{5{}C9>"PuY\)!=#\u9SSM-nz8+SR~B\!qBv
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200909060807.59357.hselasky@c2i.net>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: usb/138559: [usb8] uether sysctl handler doesn't NUL-terminate
	the string
X-BeenThere: freebsd-usb@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: FreeBSD support for USB <freebsd-usb.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-usb>,
	<mailto:freebsd-usb-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-usb>
List-Post: <mailto:freebsd-usb@freebsd.org>
List-Help: <mailto:freebsd-usb-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-usb>,
	<mailto:freebsd-usb-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Sep 2009 06:07:37 -0000

On Sunday 06 September 2009 00:14:04 Bruce Cran wrote:
> >Number:         138559
> >Category:       usb
> >Synopsis:       [usb8] uether sysctl handler doesn't NUL-terminate the
> > string Confidential:   no
> >Severity:       non-critical
> >Priority:       low
> >Responsible:    freebsd-usb
> >State:          open
> >Quarter:
> >Keywords:
> >Date-Required:
> >Class:          sw-bug
> >Submitter-Id:   current-users
> >Arrival-Date:   Sat Sep 05 22:20:03 UTC 2009
> >Closed-Date:
> >Last-Modified:
> >Originator:     Bruce Cran
> >Release:        8.0-BETA3
> >Organization:
> >Environment:
>
> FreeBSD gluon.draftnet 8.0-BETA3 FreeBSD 8.0-BETA3 #1: Fri Sep  4 09:20:32
> BST 2009     brucec@gluon.draftnet:/usr/obj/usr/src/sys/GENERIC  i386
>
> >Description:
>
> The sysctl handler in sys/dev/usb/net/usb_ethernet.c line 143 doesn't
> NUL-terminate the sysctl string returned to the user because it passes the
> length as "strlen(name)" instead of "strlen(name)+1".
>
> >How-To-Repeat:
> >
> >Fix:
>
> Patch attached with submission follows:
>
> --- usb_ethernet.c.orig	2009-09-05 21:35:09.000000000 +0100
> +++ usb_ethernet.c	2009-09-05 21:36:18.000000000 +0100
> @@ -146,7 +146,7 @@
>  	const char *name;
>
>  	name = device_get_nameunit(ue->ue_dev);
> -	return SYSCTL_OUT(req, name, strlen(name));
> +	return SYSCTL_OUT(req, name, strlen(name) + 1);
>  }
>
>  int
>
> >Release-Note:
> >Audit-Trail:
> >Unformatted:

Hi,

When plugging an USB ethernet adapter and printing out all sysctls, the parent 
string does not look corrupt. Are you sure that the terminating zero is not 
inserted somewhere else?

--HPS