Date: Thu, 29 May 2003 16:14:34 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 32072 for review Message-ID: <200305292314.h4TNEYbs070967@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=32072 Change 32072 by rwatson@rwatson_tislabs on 2003/05/29 16:14:02 Temporary work-around for overflows in externalization of compartment strings in the Biba and MLS policies. Validate that the nul we slap down in fact lands inside the string. This code generally needs cleaning up, since it fails to handle failures by snprintf(). If the provided string is too short, this result is preferable to kernel panics, etc. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#209 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#167 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#209 (text+ko) ==== @@ -583,7 +583,11 @@ } while(bit <= MAC_BIBA_MAX_COMPARTMENTS); len = size - left - 1; - string[len] = '\0'; + if (len > 0 && len < size) + string[len] = '\0'; + else + string[0] = '\0'; + return (len); default: ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#167 (text+ko) ==== @@ -547,7 +547,10 @@ } while(bit <= MAC_MLS_MAX_COMPARTMENTS); len = size - left - 1; - string[len] = '\0'; + if (len > 0 && len < size) + string[len] = '\0'; + else + string[0] = '\0'; return (len); default:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200305292314.h4TNEYbs070967>