From owner-p4-projects@FreeBSD.ORG Thu May 29 16:47:07 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 719DF37B404; Thu, 29 May 2003 16:47:06 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AC56537B401; Thu, 29 May 2003 16:47:05 -0700 (PDT) Received: from garple.migus.org (pcp243563pcs.howard01.md.comcast.net [68.55.84.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id 862BB43F75; Thu, 29 May 2003 16:47:04 -0700 (PDT) (envelope-from adam@migus.org) Received: from migus.org (localhost [127.0.0.1]) by garple.migus.org (8.12.7/8.12.7) with SMTP id h4TNkxZ3005924; Thu, 29 May 2003 19:47:03 -0400 (EDT) (envelope-from adam@migus.org) Received: from 205.227.136.1 (SquirrelMail authenticated user adam) by mail.migus.org with HTTP; Thu, 29 May 2003 19:47:03 -0400 (EDT) Message-ID: <45980.205.227.136.1.1054252023.squirrel@mail.migus.org> Date: Thu, 29 May 2003 19:47:03 -0400 (EDT) From: "Adam Migus" To: In-Reply-To: <41432.205.227.136.1.1054251755.squirrel@mail.migus.org> References: <200305292314.h4TNEYbs070967@repoman.freebsd.org> <41432.205.227.136.1.1054251755.squirrel@mail.migus.org> X-Priority: 3 Importance: Normal X-Mailer: SquirrelMail (version 1.2.11) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Spam-Status: No, hits=-19.6 required=5.0 tests=IN_REP_TO,QUOTED_EMAIL_TEXT,REFERENCES,REPLY_WITH_QUOTES version=2.50 X-Spam-Checker-Version: SpamAssassin 2.50 (1.173-2003-02-20-exp) cc: perforce@freebsd.org cc: rwatson@freebsd.org Subject: Re: PERFORCE change 32072 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 May 2003 23:47:08 -0000 Robert, Sorry I failed to address a point. I assumed when writing the code that the caller would pass in a large enough string, as that assumption is made elsewhere in code called at this layer in the framework. To be explicit, I think this change is therefor rendundant. Also I am curious, asside from intentionally passing in a string that's too short to hold the result can you make this code panic? Adam > Robert, > len can never exceed size which is passed in as the > size of the string. Therefor the NULL will always > land inside the string. > How exactly does snprintf() fail? > > Adam > > >> http://perforce.freebsd.org/chv.cgi?CH=32072 >> >> Change 32072 by rwatson@rwatson_tislabs on >> 2003/05/29 16:14:02 >> >> Temporary work-around for overflows in >> externalization of >> compartment strings in the Biba and MLS policies. >> Validate >> that the nul we slap down in fact lands inside >> the >> string. >> This code generally needs cleaning up, since it >> fails to >> handle failures by snprintf(). If the provided >> string is >> too short, this result is preferable to kernel >> panics, etc. >> >> Affected files ... >> >> .. >> //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#209 >> edit .. >> //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#167 >> edit >> >> Differences ... >> >> ==== >> //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#209 >> (text+ko) ==== >> >> @@ -583,7 +583,11 @@ >> } while(bit <= MAC_BIBA_MAX_COMPARTMENTS); >> >> len = size - left - 1; >> - string[len] = '\0'; >> + if (len > 0 && len < size) >> + string[len] = '\0'; >> + else >> + string[0] = '\0'; >> + >> return (len); >> >> default: >> >> ==== >> //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#167 >> (text+ko) ==== >> >> @@ -547,7 +547,10 @@ >> } while(bit <= MAC_MLS_MAX_COMPARTMENTS); >> >> len = size - left - 1; >> - string[len] = '\0'; >> + if (len > 0 && len < size) >> + string[len] = '\0'; >> + else >> + string[0] = '\0'; >> return (len); >> >> default: > > > -- > Adam Migus - Research Scientist > Network Associates Laboratories > (http://www.nailabs.com) > FreeBSD (http://www.freebsd.org) > God may be subtle, but He isn't plain mean. -- > Albert > Einstein -- Adam Migus - Research Scientist Network Associates Laboratories (http://www.nailabs.com) FreeBSD (http://www.freebsd.org) God may be subtle, but He isn't plain mean. -- Albert Einstein