Date: Fri, 17 Apr 2020 21:27:53 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 245712] iflib: ift_mtx_name is too small Message-ID: <bug-245712-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245712 Bug ID: 245712 Summary: iflib: ift_mtx_name is too small Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: ghuckriede@blackberry.com Overview: 'ift_mtx_name' https://svnweb.freebsd.org/base/head/sys/net/iflib.c?annotate=359436#l362 has size of 16 bytes When it is initialized https://svnweb.freebsd.org/base/head/sys/net/iflib.c?annotate=359436#l5522 the format string "%s:TX(%d):callout" already uses 14 of those bytes (including the NULL terminator). This leaves 2 bytes for the 'nameunit' string and the 'ift_id' number, which clearly is not enough. I see 2 possible fixes: 1. Increase the 'ift_mtx_name' array size ('nameunit' is not really a fixed size, so how much?). 2. Change 'ift_mtx_name' to a pointer and alloc an appropriately sized string, and free it on destroy. Actual Results: 'ift_mtx_name' is truncated even in the best case (i.e. 2 character interface name). e.g. "em0:TX(0):callo" Expected Results: No truncation. Build Date & Hardware: # uname -a FreeBSD FreeBSD_head_ghuckriede 13.0-CURRENT FreeBSD 13.0-CURRENT #2 r360017: Fri Apr 17 11:16:38 EDT 2020 ghuckriede@FreeBSD_head_ghuckriede:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64 Additional Builds and Platforms: na Additional Information: na -- You are receiving this mail because: You are the assignee for the bug.help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-245712-227>