From owner-svn-src-head@FreeBSD.ORG  Thu Dec 11 01:04:26 2008
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AE3F11065670;
	Thu, 11 Dec 2008 01:04:26 +0000 (UTC) (envelope-from bz@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 996D48FC1E;
	Thu, 11 Dec 2008 01:04:26 +0000 (UTC) (envelope-from bz@FreeBSD.org)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mBB14Q1C048265;
	Thu, 11 Dec 2008 01:04:26 GMT (envelope-from bz@svn.freebsd.org)
Received: (from bz@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id mBB14Qp0048262;
	Thu, 11 Dec 2008 01:04:26 GMT (envelope-from bz@svn.freebsd.org)
Message-Id: <200812110104.mBB14Qp0048262@svn.freebsd.org>
From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
Date: Thu, 11 Dec 2008 01:04:26 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r185899 - in head: sys/kern usr.sbin/jexec usr.sbin/jls
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
	<svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Dec 2008 01:04:26 -0000

Author: bz
Date: Thu Dec 11 01:04:25 2008
New Revision: 185899
URL: http://svn.freebsd.org/changeset/base/185899

Log:
  Correctly check the number of prison states to not access anything
  outside the prison_states array.
  When checking if there is a name configured for the prison, check the
  first character to not be '\0' instead of checking if the char array
  is present, which it always is. Note, that this is different for the
  *jailname in the syscall.
  
  Found with:	Coverity Prevent(tm)
  CID:		4156, 4155
  MFC after:	4 weeks (just that I get the mail)

Modified:
  head/sys/kern/kern_jail.c
  head/usr.sbin/jexec/jexec.c
  head/usr.sbin/jls/jls.c

Modified: head/sys/kern/kern_jail.c
==============================================================================
--- head/sys/kern/kern_jail.c	Thu Dec 11 00:58:05 2008	(r185898)
+++ head/sys/kern/kern_jail.c	Thu Dec 11 01:04:25 2008	(r185899)
@@ -1574,13 +1574,13 @@ DB_SHOW_COMMAND(jails, db_show_jails)
 		    pr->pr_ip4s, pr->pr_ip6s);
 		db_printf("%6s  %-29.29s %.74s\n",
 		    "", pr->pr_host, pr->pr_path);
-		if (pr->pr_state < 0 || pr->pr_state > (int)((sizeof(
+		if (pr->pr_state < 0 || pr->pr_state >= (int)((sizeof(
 		    prison_states) / sizeof(struct prison_state))))
 			state = "(bogus)";
 		else
 			state = prison_states[pr->pr_state].state_name;
 		db_printf("%6s  %-29.29s %.74s\n",
-		    "", (pr->pr_name != NULL) ? pr->pr_name : "", state);
+		    "", (pr->pr_name[0] != '\0') ? pr->pr_name : "", state);
 		db_printf("%6s  %-6d\n",
 		    "", pr->pr_cpuset->cs_id);
 #ifdef INET

Modified: head/usr.sbin/jexec/jexec.c
==============================================================================
--- head/usr.sbin/jexec/jexec.c	Thu Dec 11 00:58:05 2008	(r185898)
+++ head/usr.sbin/jexec/jexec.c	Thu Dec 11 01:04:25 2008	(r185899)
@@ -80,13 +80,13 @@ char *lookup_xprison_v3(void *p, char *e
 	ok = 1;
 
 	/* Jail state and name. */
-	if (xp->pr_state < 0 || xp->pr_state >
+	if (xp->pr_state < 0 || xp->pr_state >=
 	    (int)((sizeof(prison_states) / sizeof(struct prison_state))))
 		errx(1, "Invalid jail state.");
 	else if (xp->pr_state != PRISON_STATE_ALIVE)
 		ok = 0;
 	if (jailname != NULL) {
-		if (xp->pr_name == NULL)
+		if (xp->pr_name[0] == '\0')
 			ok = 0;
 		else if (strcmp(jailname, xp->pr_name) != 0)
 			ok = 0;

Modified: head/usr.sbin/jls/jls.c
==============================================================================
--- head/usr.sbin/jls/jls.c	Thu Dec 11 00:58:05 2008	(r185898)
+++ head/usr.sbin/jls/jls.c	Thu Dec 11 01:04:25 2008	(r185899)
@@ -86,7 +86,7 @@ char *print_xprison_v3(void *p, char *en
 		errx(1, "Invalid length for jail");
 	xp = (struct xprison *)p;
 
-	if (xp->pr_state < 0 || xp->pr_state > (int)
+	if (xp->pr_state < 0 || xp->pr_state >= (int)
 	    ((sizeof(prison_states) / sizeof(struct prison_state))))
 		state = "(bogus)";
 	else
@@ -110,7 +110,7 @@ char *print_xprison_v3(void *p, char *en
 	/* Jail state and name. */
 	if (flags & FLAG_V)
 		printf("%6s  %-29.29s %.74s\n",
-		    "", (xp->pr_name != NULL) ? xp->pr_name : "", state);
+		    "", (xp->pr_name[0] != '\0') ? xp->pr_name : "", state);
 
 	/* cpusetid. */
 	if (flags & FLAG_V)