Date:      Thu, 11 Dec 2008 01:04:26 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r185899 - in head: sys/kern usr.sbin/jexec usr.sbin/jls
Message-ID:  <200812110104.mBB14Qp0048262@svn.freebsd.org>

Author: bz
Date: Thu Dec 11 01:04:25 2008
New Revision: 185899
URL: http://svn.freebsd.org/changeset/base/185899

Log:
  Correctly check the number of prison states to not access anything
  outside the prison_states array.
  When checking if there is a name configured for the prison, check the
  first character to not be '\0' instead of checking if the char array
  is present, which it always is. Note, that this is different for the
  *jailname in the syscall.
  
  Found with:	Coverity Prevent(tm)
  CID:		4156, 4155
  MFC after:	4 weeks (just that I get the mail)

Modified:
  head/sys/kern/kern_jail.c
  head/usr.sbin/jexec/jexec.c
  head/usr.sbin/jls/jls.c

Modified: head/sys/kern/kern_jail.c
==============================================================================
--- head/sys/kern/kern_jail.c	Thu Dec 11 00:58:05 2008	(r185898)
+++ head/sys/kern/kern_jail.c	Thu Dec 11 01:04:25 2008	(r185899)
@@ -1574,13 +1574,13 @@ DB_SHOW_COMMAND(jails, db_show_jails)
 		    pr->pr_ip4s, pr->pr_ip6s);
 		db_printf("%6s  %-29.29s %.74s\n",
 		    "", pr->pr_host, pr->pr_path);
-		if (pr->pr_state < 0 || pr->pr_state > (int)((sizeof(
+		if (pr->pr_state < 0 || pr->pr_state >= (int)((sizeof(
 		    prison_states) / sizeof(struct prison_state))))
 			state = "(bogus)";
 		else
 			state = prison_states[pr->pr_state].state_name;
 		db_printf("%6s  %-29.29s %.74s\n",
-		    "", (pr->pr_name != NULL) ? pr->pr_name : "", state);
+		    "", (pr->pr_name[0] != '\0') ? pr->pr_name : "", state);
 		db_printf("%6s  %-6d\n",
 		    "", pr->pr_cpuset->cs_id);
 #ifdef INET
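Review bot: The element count in the bounds check on `pr->pr_state` is still written out by hand against the element type, and the same expression is repeated in jexec.c and in the first jls.c hunk, so the off-by-one had to be corrected separately in each copy. Dividing by the array's own element, `pr->pr_state >= (int)(sizeof(prison_states) / sizeof(prison_states[0]))`, keeps the count tied to the array if its element type ever changes. A single count macro defined next to prison_states would leave one place to audit before the array is indexed; that definition is not visible in this diff, so its placement is left to the author. The DB_SHOW_COMMAND body starts and ends outside the hunk.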

Modified: head/usr.sbin/jexec/jexec.c
==============================================================================
--- head/usr.sbin/jexec/jexec.c	Thu Dec 11 00:58:05 2008	(r185898)
+++ head/usr.sbin/jexec/jexec.c	Thu Dec 11 01:04:25 2008	(r185899)
@@ -80,13 +80,13 @@ char *lookup_xprison_v3(void *p, char *e
 	ok = 1;
 
 	/* Jail state and name. */
-	if (xp->pr_state < 0 || xp->pr_state >
+	if (xp->pr_state < 0 || xp->pr_state >=
 	    (int)((sizeof(prison_states) / sizeof(struct prison_state))))
 		errx(1, "Invalid jail state.");
 	else if (xp->pr_state != PRISON_STATE_ALIVE)
 		ok = 0;
 	if (jailname != NULL) {
-		if (xp->pr_name == NULL)
+		if (xp->pr_name[0] == '\0')
 			ok = 0;
 		else if (strcmp(jailname, xp->pr_name) != 0)
 			ok = 0;

Modified: head/usr.sbin/jls/jls.c
==============================================================================
--- head/usr.sbin/jls/jls.c	Thu Dec 11 00:58:05 2008	(r185898)
+++ head/usr.sbin/jls/jls.c	Thu Dec 11 01:04:25 2008	(r185899)
@@ -86,7 +86,7 @@ char *print_xprison_v3(void *p, char *en
 		errx(1, "Invalid length for jail");
 	xp = (struct xprison *)p;
 
-	if (xp->pr_state < 0 || xp->pr_state > (int)
+	if (xp->pr_state < 0 || xp->pr_state >= (int)
 	    ((sizeof(prison_states) / sizeof(struct prison_state))))
 		state = "(bogus)";
 	else
@@ -110,7 +110,7 @@ char *print_xprison_v3(void *p, char *en
 	/* Jail state and name. */
 	if (flags & FLAG_V)
 		printf("%6s  %-29.29s %.74s\n",
-		    "", (xp->pr_name != NULL) ? xp->pr_name : "", state);
+		    "", (xp->pr_name[0] != '\0') ? xp->pr_name : "", state);
 
 	/* cpusetid. */
 	if (flags & FLAG_V)
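Review bot: The conditional in `(xp->pr_name[0] != '\0') ? xp->pr_name : ""` no longer selects anything: when the first byte is NUL, xp->pr_name is already an empty string, so both arms print the same text under `%.74s`. Passing `xp->pr_name` directly would read more simply, and the same applies to the matching db_printf line in kern_jail.c. If the conditional is kept as a marker for "no name configured", a short comment saying so would help. print_xprison_v3 continues outside the hunk.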


