Date:      Thu, 4 Apr 2019 05:22:44 +0200
From:      Mateusz Guzik <mjguzik@gmail.com>
To:        Enji Cooper <yaneurabeya@gmail.com>
Cc:        src-committers <src-committers@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>, svn-src-head@freebsd.org
Subject:   Re: svn commit: r345853 - head/usr.bin/rctl
Message-ID:  <CAGudoHH5PvS%2BnaEZpOn%2BntJGpZNGGuZ64NsJCuwVLrJT5=deOw@mail.gmail.com>
In-Reply-To: <EE367002-EC49-41F3-94A8-79F475CC63B8@gmail.com>
References:  <201904032037.x33KbEjq070604@repo.freebsd.org> <EE367002-EC49-41F3-94A8-79F475CC63B8@gmail.com>

On 4/4/19, Enji Cooper <yaneurabeya@gmail.com> wrote:
>
>> On Apr 3, 2019, at 1:37 PM, Mateusz Guzik <mjg@FreeBSD.org> wrote:
>>
>> Author: mjg
>> Date: Wed Apr  3 20:37:14 2019
>> New Revision: 345853
>> URL: https://svnweb.freebsd.org/changeset/base/345853
>>
>> Log:
>>  rctl: fix sysctl kern.racct.enable use after r341182
>>
>>  The value was changed from int to bool. Since the new type
>>  is smaller, the rest of the variable in the caller was left
>>  uninitialized.
>
> I hit a bug like this recently with capsicum-test. Do you think it makes
> sense to purge all of the memory or return -1/set EINVAL for reasons similar
> to this for newp?
>
>      [EINVAL]           A non-null newp is given and its specified length in
>                         newlen is too large or too small.
>

There is most likely code which always passed oversized bufs. This change
would break it.

-- 
Mateusz Guzik <mjguzik gmail.com>
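
The failure mode from the commit log, as an added example that is not part of the original message or of the rctl source. `mock_read_racct_enable` is a hypothetical stand-in for the sysctl read (assumed to copy `sizeof(bool)` bytes, accept oversized buffers and report the length written), and the `garbage` parameter models uninitialized stack contents.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for reading kern.racct.enable once the kernel value
 * is a bool: copies sizeof(bool) bytes out and reports that length. */
static int mock_read_racct_enable(bool kernel_value, void *oldp, size_t *oldlenp)
{
    if (*oldlenp < sizeof(kernel_value)) {
        errno = ENOMEM;
        return -1;
    }
    memcpy(oldp, &kernel_value, sizeof(kernel_value));
    *oldlenp = sizeof(kernel_value);  /* oversized buffers are accepted */
    return 0;
}

/* Caller still using int: only sizeof(bool) bytes of 'enable' get written,
 * the remaining bytes keep whatever 'garbage' held. */
int enabled_stale_int(bool kernel_value, int garbage)
{
    int enable = garbage;
    size_t len = sizeof(enable);
    if (mock_read_racct_enable(kernel_value, &enable, &len) != 0)
        return -1;
    return enable != 0;
}

/* Same int caller, but a returned length shorter than the variable is
 * treated as an error instead of being interpreted. */
int enabled_int_length_checked(bool kernel_value, int garbage)
{
    int enable = garbage;
    size_t len = sizeof(enable);
    if (mock_read_racct_enable(kernel_value, &enable, &len) != 0 || len != sizeof(enable))
        return -1;
    return enable != 0;
}

/* Caller whose variable matches the new type, still verifying the length. */
int enabled_bool_checked(bool kernel_value)
{
    bool enable = false;
    size_t len = sizeof(enable);
    if (mock_read_racct_enable(kernel_value, &enable, &len) != 0 || len != sizeof(enable))
        return -1;
    return enable ? 1 : 0;
}
```

With the kernel value false and nonzero leftover bytes, `enabled_stale_int` reports the feature as enabled, while the length-checked variant fails closed and the bool variant returns the real value.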