Date: Sat, 14 Sep 2019 00:28:30 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 240573] sysctl() does not return ENOMEM but silently truncate return data
Message-ID: <bug-240573-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240573

            Bug ID: 240573
           Summary: sysctl() does not return ENOMEM but silently truncate
                    return data
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: rozhuk.im@gmail.com

    int mib[4] = { CTL_KERN, KERN_PROC, KERN_PROC_FILEDESC, getpid() };

    /* Size probe: oldp == NULL, the kernel reports the needed size. */
    if (0 != sysctl(mib, 4, NULL, &buf_size, NULL, 0))
        return (errno);
    buf = malloc(buf_size);
    /* A new descriptor appears between the probe and the fetch. */
    newfd = open("/dev/null", O_RDONLY); /* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */
    if (0 != sysctl(mib, 4, buf, &buf_size, NULL, 0)) {
        if (ENOMEM != errno) {
            free(buf);
            return (errno);
        }
    }

This code should fail, but it fills buf with struct kinfo_file, and there is no newfd.
No fail, no error code set, silent data truncation.

Probably sys/kern/kern_descrip.c: export_kinfo_to_sb()
...
    if (efbuf->remainder < kif->kf_structsize) {
        /* Terminate export. */
        efbuf->remainder = 0;
        return (0);
    }
...
should return here ENOMEM!?

I see a hack to avoid missing fd for that in lib/libutil/kinfo_getfile.c: kinfo_getfile():
...
    len = len * 4 / 3;
...

Same for kern.ipc.posix_shm_list.
sys/kern/uipc_shm.c: sysctl_posix_shm_list()
    if (req->oldptr != NULL && kif.kf_structsize + curlen > req->oldlen)
        break;
error = ENOMEM; - before break missed.
hack: usr.bin/posixshmcontrol/posixshmcontrol.c: list_shm()

sys/kern/kern_proc.c: kern_proc_vmmap_out()
...
    /* Halt filling and truncate rather than exceeding maxlen */
    if (maxlen != -1 && maxlen < kve->kve_structsize) {
        error = 0;
        vm_map_lock_read(map);
        break;
...
error = ENOMEM;?

And probably other places where there is a buf size check and an exit from the loop before the call to sbuf_bcat().

-- 
You are receiving this mail because:
You are the assignee for the bug.
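Added example, not part of the bug report or of FreeBSD: a caller-side check that does not rely on ENOMEM and instead accepts a result only when the unused tail of the buffer could have held one more record. `query_fn`, `sim_query`, `fetch_all` and `REC_MAX` are hypothetical names; `sim_query` is a constructed stand-in for the truncating kernel path described above, and `REC_MAX` assumes a known upper bound on one record (for kern.proc.filedesc, assumed to be sizeof(struct kinfo_file)).

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: no exported record is larger than this many bytes. */
#define REC_MAX 64

/* sysctl-like source: buf == NULL reports the size needed; otherwise
 * fills buf, stores the byte count in *len, returns 0 or -1 with errno. */
typedef int (*query_fn)(void *buf, size_t *len);

/* Constructed simulation of the reported behaviour: export stops at the
 * last record that fits and the call still returns 0, never ENOMEM. */
static size_t sim_total = 3 * REC_MAX;  /* bytes exportable right now */
static int sim_calls;

static int sim_query(void *buf, size_t *len)
{
    sim_calls++;
    if (buf == NULL) {
        *len = sim_total;
        sim_total += 2 * REC_MAX;       /* new records appear after the probe */
        return 0;
    }
    size_t fit = (*len / REC_MAX) * REC_MAX;
    if (fit > sim_total) fit = sim_total;
    memset(buf, 0xAB, fit);
    *len = fit;                         /* silent truncation, rc stays 0 */
    return 0;
}

/* Retry with a larger buffer until at least REC_MAX bytes stay unused:
 * only then can no record have been dropped for lack of space. */
int fetch_all(query_fn q, void **out, size_t *out_len)
{
    size_t cap = 0;
    if (q(NULL, &cap) != 0) return errno;
    cap += REC_MAX;
    for (int tries = 0; tries < 8; tries++) {
        void *buf = malloc(cap);
        if (buf == NULL) return ENOMEM;
        size_t len = cap;
        int rc = q(buf, &len);
        if (rc != 0 && errno != ENOMEM) { free(buf); return errno; }
        if (rc == 0 && cap - len >= REC_MAX) { *out = buf; *out_len = len; return 0; }
        free(buf);                      /* ENOMEM or too little slack: grow */
        cap *= 2;
    }
    return ENOMEM;
}
```

With the simulated source, the first fetch returns a full buffer that is one record short; the slack test rejects it and the retry returns all five records.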
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-240573-227>