Date: Mon, 18 May 2020 08:48:33 -0700 From: Conrad Meyer <cem@freebsd.org> To: Michael Tuexen <tuexen@freebsd.org> Cc: src-committers <src-committers@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>, svn-src-head <svn-src-head@freebsd.org> Subject: Re: svn commit: r361209 - head/sys/netinet Message-ID: <CAG6CVpULv4B9taKOOf9minkXj9QBMgdwxPaYSLF6otFu97K6Ag@mail.gmail.com> In-Reply-To: <CAG6CVpWA1gKLzacDeAFOGTKJcNrg608k5yu8CJg48_WFS0omnA@mail.gmail.com> References: <202005181007.04IA713t089936@repo.freebsd.org> <CAG6CVpWA1gKLzacDeAFOGTKJcNrg608k5yu8CJg48_WFS0omnA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
(In fact, I don't believe snprintf(9) can return a negative value at all. And snprintf(3) will only do so in some special circumstances for features snprintf(9) does not support: buffer size or formatted result longer than INT_MAX; invalid *nn$ field width or precision specifiers. I don't think either case applies to these strings, although I did not read all of them thoroughly.) On Mon, May 18, 2020 at 8:38 AM Conrad Meyer <cem@freebsd.org> wrote: > > Hi Michael, > > These changes are a bit odd. The only reason a standards-compliant > snprintf() would fail to nul-terminate a buffer is if the provided > buffer had length zero. Since this is not the case in any of these > uses, I wonder why this revision was made? Does a SCTP downstream > have a broken snprintf implementation, and if so, wouldn't it make > more sense to create a standards-compliant portability shim for that > platform instead of this more invasive change? > > FreeBSD's snprintf(9) does not have this bug, nor does its snprintf(3). > > Best regards, > Conrad > > On Mon, May 18, 2020 at 3:07 AM Michael Tuexen <tuexen@freebsd.org> wrote: > > > > Author: tuexen > > Date: Mon May 18 10:07:01 2020 > > New Revision: 361209 > > URL: https://svnweb.freebsd.org/changeset/base/361209 > > > > Log: > > Handle failures of snprintf(). > > > > MFC after: 3 days > > > > Modified: > > head/sys/netinet/sctp_asconf.c > > head/sys/netinet/sctp_indata.c > > head/sys/netinet/sctp_input.c > > head/sys/netinet/sctp_output.c > > head/sys/netinet/sctp_pcb.c > > > > Modified: head/sys/netinet/sctp_asconf.c > > ============================================================================== > > --- head/sys/netinet/sctp_asconf.c Mon May 18 09:46:51 2020 (r361208) > > +++ head/sys/netinet/sctp_asconf.c Mon May 18 10:07:01 2020 (r361209) > > @@ -1706,8 +1706,9 @@ sctp_handle_asconf_ack(struct mbuf *m, int offset, > > char msg[SCTP_DIAG_INFO_LEN]; > > > > SCTPDBG(SCTP_DEBUG_ASCONF1, "handle_asconf_ack: got unexpected next serial number! Aborting asoc!\n"); > > - snprintf(msg, sizeof(msg), "Never sent serial number %8.8x", > > - serial_num); > > + if (snprintf(msg, sizeof(msg), "Never sent serial number %8.8x", serial_num) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); > > *abort_no_unlock = 1; > > > > Modified: head/sys/netinet/sctp_indata.c > > ============================================================================== > > --- head/sys/netinet/sctp_indata.c Mon May 18 09:46:51 2020 (r361208) > > +++ head/sys/netinet/sctp_indata.c Mon May 18 10:07:01 2020 (r361209) > > @@ -434,22 +434,26 @@ sctp_abort_in_reasm(struct sctp_tcb *stcb, > > struct mbuf *oper; > > > > if (stcb->asoc.idata_supported) { > > - snprintf(msg, sizeof(msg), > > + if (snprintf(msg, sizeof(msg), > > "Reass %x,CF:%x,TSN=%8.8x,SID=%4.4x,FSN=%8.8x,MID:%8.8x", > > opspot, > > control->fsn_included, > > chk->rec.data.tsn, > > chk->rec.data.sid, > > - chk->rec.data.fsn, chk->rec.data.mid); > > + chk->rec.data.fsn, chk->rec.data.mid) < 0) { > > + msg[0] = '\0'; > > + } > > } else { > > - snprintf(msg, sizeof(msg), > > + if (snprintf(msg, sizeof(msg), > > "Reass %x,CI:%x,TSN=%8.8x,SID=%4.4x,FSN=%4.4x,SSN:%4.4x", > > opspot, > > control->fsn_included, > > chk->rec.data.tsn, > > chk->rec.data.sid, > > chk->rec.data.fsn, > > - (uint16_t)chk->rec.data.mid); > > + (uint16_t)chk->rec.data.mid) < 0) { > > + msg[0] = '\0'; > > + } > > } > > oper = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > sctp_m_freem(chk->data); > > @@ -533,15 +537,19 @@ sctp_queue_data_to_stream(struct sctp_tcb *stcb, > > */ > > TAILQ_INSERT_HEAD(&strm->inqueue, control, next_instrm); > > if (asoc->idata_supported) { > > - snprintf(msg, sizeof(msg), "Delivered MID=%8.8x, got TSN=%8.8x, SID=%4.4x, MID=%8.8x", > > + if (snprintf(msg, sizeof(msg), "Delivered MID=%8.8x, got TSN=%8.8x, SID=%4.4x, MID=%8.8x", > > strm->last_mid_delivered, control->sinfo_tsn, > > - control->sinfo_stream, control->mid); > > + control->sinfo_stream, control->mid) < 0) { > > + msg[0] = '\0'; > > + } > > } else { > > - snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", > > + if (snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", > > (uint16_t)strm->last_mid_delivered, > > control->sinfo_tsn, > > control->sinfo_stream, > > - (uint16_t)control->mid); > > + (uint16_t)control->mid) < 0) { > > + msg[0] = '\0'; > > + } > > } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_2; > > @@ -648,9 +656,10 @@ sctp_queue_data_to_stream(struct sctp_tcb *stcb, > > * to put it on the queue. > > */ > > if (sctp_place_control_in_stream(strm, asoc, control)) { > > - snprintf(msg, sizeof(msg), > > - "Queue to str MID: %u duplicate", > > - control->mid); > > + if (snprintf(msg, sizeof(msg), > > + "Queue to str MID: %u duplicate", control->mid) < 0) { > > + msg[0] = '\0'; > > + } > > sctp_clean_up_control(stcb, control); > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_3; > > @@ -1881,8 +1890,9 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc > > * can *not* be fsn 0. XXX: This can happen in case of a > > * wrap around. Ignore is for now. > > */ > > - snprintf(msg, sizeof(msg), "FSN zero for MID=%8.8x, but flags=%2.2x", > > - mid, chk_flags); > > + if (snprintf(msg, sizeof(msg), "FSN zero for MID=%8.8x, but flags=%2.2x", mid, chk_flags) < 0) { > > + msg[0] = '\0'; > > + } > > goto err_out; > > } > > control = sctp_find_reasm_entry(&asoc->strmin[sid], mid, ordered, asoc->idata_supported); > > @@ -1893,7 +1903,9 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc > > if (control != NULL) { > > /* We found something, does it belong? */ > > if (ordered && (mid != control->mid)) { > > - snprintf(msg, sizeof(msg), "Reassembly problem (MID=%8.8x)", mid); > > + if (snprintf(msg, sizeof(msg), "Reassembly problem (MID=%8.8x)", mid) < 0) { > > + msg[0] = '\0'; > > + } > > err_out: > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_16; > > @@ -1906,8 +1918,11 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc > > * We can't have a switched order with an > > * unordered chunk > > */ > > - snprintf(msg, sizeof(msg), "All fragments of a user message must be ordered or unordered (TSN=%8.8x)", > > - tsn); > > + if (snprintf(msg, sizeof(msg), > > + "All fragments of a user message must be ordered or unordered (TSN=%8.8x)", > > + tsn) < 0) { > > + msg[0] = '\0'; > > + } > > goto err_out; > > } > > if (!ordered && (((control->sinfo_flags >> 8) & SCTP_DATA_UNORDERED) == 0)) { > > @@ -1915,8 +1930,11 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc > > * We can't have a switched unordered with a > > * ordered chunk > > */ > > - snprintf(msg, sizeof(msg), "All fragments of a user message must be ordered or unordered (TSN=%8.8x)", > > - tsn); > > + if (snprintf(msg, sizeof(msg), > > + "All fragments of a user message must be ordered or unordered (TSN=%8.8x)", > > + tsn) < 0) { > > + msg[0] = '\0'; > > + } > > goto err_out; > > } > > } > > @@ -1930,12 +1948,18 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc > > if (ordered || asoc->idata_supported) { > > SCTPDBG(SCTP_DEBUG_XXX, "chunk_flags: 0x%x dup detected on MID: %u\n", > > chk_flags, mid); > > - snprintf(msg, sizeof(msg), "Duplicate MID=%8.8x detected.", mid); > > + if (snprintf(msg, sizeof(msg), "Duplicate MID=%8.8x detected.", mid) < 0) { > > + msg[0] = '\0'; > > + } > > goto err_out; > > } else { > > if ((tsn == control->fsn_included + 1) && > > (control->end_added == 0)) { > > - snprintf(msg, sizeof(msg), "Illegal message sequence, missing end for MID: %8.8x", control->fsn_included); > > + if (snprintf(msg, sizeof(msg), > > + "Illegal message sequence, missing end for MID: %8.8x", > > + control->fsn_included) < 0) { > > + msg[0] = '\0'; > > + } > > goto err_out; > > } else { > > control = NULL; > > @@ -2032,17 +2056,21 @@ sctp_process_a_data_chunk(struct sctp_tcb *stcb, struc > > mid, asoc->strmin[sid].last_mid_delivered); > > > > if (asoc->idata_supported) { > > - snprintf(msg, sizeof(msg), "Delivered MID=%8.8x, got TSN=%8.8x, SID=%4.4x, MID=%8.8x", > > + if (snprintf(msg, sizeof(msg), "Delivered MID=%8.8x, got TSN=%8.8x, SID=%4.4x, MID=%8.8x", > > asoc->strmin[sid].last_mid_delivered, > > tsn, > > sid, > > - mid); > > + mid) < 0) { > > + msg[0] = '\0'; > > + } > > } else { > > - snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", > > + if (snprintf(msg, sizeof(msg), "Delivered SSN=%4.4x, got TSN=%8.8x, SID=%4.4x, SSN=%4.4x", > > (uint16_t)asoc->strmin[sid].last_mid_delivered, > > tsn, > > sid, > > - (uint16_t)mid); > > + (uint16_t)mid) < 0) { > > + msg[0] = '\0'; > > + } > > } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_17; > > @@ -2769,7 +2797,9 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o > > struct mbuf *op_err; > > char msg[SCTP_DIAG_INFO_LEN]; > > > > - snprintf(msg, sizeof(msg), "%s", "I-DATA chunk received when DATA was negotiated"); > > + if (snprintf(msg, sizeof(msg), "%s", "I-DATA chunk received when DATA was negotiated") < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_20; > > sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); > > @@ -2780,7 +2810,9 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o > > struct mbuf *op_err; > > char msg[SCTP_DIAG_INFO_LEN]; > > > > - snprintf(msg, sizeof(msg), "%s", "DATA chunk received when I-DATA was negotiated"); > > + if (snprintf(msg, sizeof(msg), "%s", "DATA chunk received when I-DATA was negotiated") < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_21; > > sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); > > @@ -2803,9 +2835,11 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o > > struct mbuf *op_err; > > char msg[SCTP_DIAG_INFO_LEN]; > > > > - snprintf(msg, sizeof(msg), "%s chunk of length %u", > > + if (snprintf(msg, sizeof(msg), "%s chunk of length %u", > > ch->chunk_type == SCTP_DATA ? "DATA" : "I-DATA", > > - chk_length); > > + chk_length) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_22; > > sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); > > @@ -2874,8 +2908,10 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o > > struct mbuf *op_err; > > char msg[SCTP_DIAG_INFO_LEN]; > > > > - snprintf(msg, sizeof(msg), "DATA chunk followed by chunk of type %2.2x", > > - ch->chunk_type); > > + if (snprintf(msg, sizeof(msg), "DATA chunk followed by chunk of type %2.2x", > > + ch->chunk_type) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); > > return (2); > > @@ -2893,8 +2929,9 @@ sctp_process_data(struct mbuf **mm, int iphlen, int *o > > struct mbuf *op_err; > > char msg[SCTP_DIAG_INFO_LEN]; > > > > - snprintf(msg, sizeof(msg), "Chunk of length %u", > > - chk_length); > > + if (snprintf(msg, sizeof(msg), "Chunk of length %u", chk_length) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_23; > > sctp_abort_an_association(inp, stcb, op_err, SCTP_SO_NOT_LOCKED); > > @@ -4043,8 +4080,11 @@ sctp_express_handle_sack(struct sctp_tcb *stcb, uint32 > > > > *abort_now = 1; > > /* XXX */ > > - snprintf(msg, sizeof(msg), "Cum ack %8.8x greater or equal than TSN %8.8x", > > - cumack, send_s); > > + if (snprintf(msg, sizeof(msg), > > + "Cum ack %8.8x greater or equal than TSN %8.8x", > > + cumack, send_s) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_24; > > sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); > > @@ -4585,8 +4625,11 @@ sctp_handle_sack(struct mbuf *m, int offset_seg, int o > > hopeless_peer: > > *abort_now = 1; > > /* XXX */ > > - snprintf(msg, sizeof(msg), "Cum ack %8.8x greater or equal than TSN %8.8x", > > - cum_ack, send_s); > > + if (snprintf(msg, sizeof(msg), > > + "Cum ack %8.8x greater or equal than TSN %8.8x", > > + cum_ack, send_s) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_28; > > sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); > > @@ -5629,9 +5672,11 @@ sctp_handle_forward_tsn(struct sctp_tcb *stcb, > > * give out). This must be an attacker. > > */ > > *abort_flag = 1; > > - snprintf(msg, sizeof(msg), > > + if (snprintf(msg, sizeof(msg), > > "New cum ack %8.8x too high, highest TSN %8.8x", > > - new_cum_tsn, asoc->highest_tsn_inside_map); > > + new_cum_tsn, asoc->highest_tsn_inside_map) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_CAUSE_PROTOCOL_VIOLATION, msg); > > stcb->sctp_ep->last_abort_code = SCTP_FROM_SCTP_INDATA + SCTP_LOC_36; > > sctp_abort_an_association(stcb->sctp_ep, stcb, op_err, SCTP_SO_NOT_LOCKED); > > > > Modified: head/sys/netinet/sctp_input.c > > ============================================================================== > > --- head/sys/netinet/sctp_input.c Mon May 18 09:46:51 2020 (r361208) > > +++ head/sys/netinet/sctp_input.c Mon May 18 10:07:01 2020 (r361209) > > @@ -4692,7 +4692,9 @@ sctp_process_control(struct mbuf *m, int iphlen, int * > > } > > } > > if (stcb == NULL) { > > - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > /* no association, so it's out of the blue... */ > > @@ -4734,7 +4736,9 @@ sctp_process_control(struct mbuf *m, int iphlen, int * > > if (stcb != NULL) { > > SCTP_TCB_UNLOCK(stcb); > > } > > - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > sctp_handle_ootb(m, iphlen, *offset, src, dst, > > @@ -5671,7 +5675,9 @@ sctp_common_input_processing(struct mbuf **mm, int iph > > SCTP_TCB_UNLOCK(stcb); > > stcb = NULL; > > SCTP_PROBE5(receive, NULL, stcb, m, stcb, sh); > > - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, op_err, > > @@ -5733,7 +5739,9 @@ sctp_common_input_processing(struct mbuf **mm, int iph > > if (stcb == NULL) { > > /* out of the blue DATA chunk */ > > SCTP_PROBE5(receive, NULL, NULL, m, NULL, sh); > > - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, op_err, > > @@ -5799,7 +5807,9 @@ sctp_common_input_processing(struct mbuf **mm, int iph > > /* > > * We consider OOTB any data sent during asoc setup. > > */ > > - snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), "OOTB, %s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > sctp_handle_ootb(m, iphlen, offset, src, dst, sh, inp, op_err, > > > > Modified: head/sys/netinet/sctp_output.c > > ============================================================================== > > --- head/sys/netinet/sctp_output.c Mon May 18 09:46:51 2020 (r361208) > > +++ head/sys/netinet/sctp_output.c Mon May 18 10:07:01 2020 (r361209) > > @@ -5581,7 +5581,9 @@ do_a_abort: > > if (op_err == NULL) { > > char msg[SCTP_DIAG_INFO_LEN]; > > > > - snprintf(msg, sizeof(msg), "%s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > } > > @@ -6758,8 +6760,10 @@ sctp_sendall_iterator(struct sctp_inpcb *inp, struct s > > char msg[SCTP_DIAG_INFO_LEN]; > > > > abort_anyway: > > - snprintf(msg, sizeof(msg), > > - "%s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), > > + "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > atomic_add_int(&stcb->asoc.refcnt, 1); > > @@ -9626,8 +9630,10 @@ sctp_chunk_retransmission(struct sctp_inpcb *inp, > > struct mbuf *op_err; > > char msg[SCTP_DIAG_INFO_LEN]; > > > > - snprintf(msg, sizeof(msg), "TSN %8.8x retransmitted %d times, giving up", > > - chk->rec.data.tsn, chk->snd_count); > > + if (snprintf(msg, sizeof(msg), "TSN %8.8x retransmitted %d times, giving up", > > + chk->rec.data.tsn, chk->snd_count) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > atomic_add_int(&stcb->asoc.refcnt, 1); > > @@ -13610,8 +13616,10 @@ dataless_eof: > > atomic_add_int(&stcb->asoc.refcnt, -1); > > free_cnt_applied = 0; > > } > > - snprintf(msg, sizeof(msg), > > - "%s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), > > + "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > NET_EPOCH_ENTER(et); > > > > Modified: head/sys/netinet/sctp_pcb.c > > ============================================================================== > > --- head/sys/netinet/sctp_pcb.c Mon May 18 09:46:51 2020 (r361208) > > +++ head/sys/netinet/sctp_pcb.c Mon May 18 10:07:01 2020 (r361209) > > @@ -544,9 +544,13 @@ sctp_add_addr_to_vrf(uint32_t vrf_id, void *ifn, uint3 > > atomic_add_int(&vrf->refcount, 1); > > sctp_ifnp->ifn_mtu = SCTP_GATHER_MTU_FROM_IFN_INFO(ifn, ifn_index, addr->sa_family); > > if (if_name != NULL) { > > - snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", if_name); > > + if (snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", if_name) < 0) { > > + sctp_ifnp->ifn_name[0] = '\0'; > > + } > > } else { > > - snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", "unknown"); > > + if (snprintf(sctp_ifnp->ifn_name, SCTP_IFNAMSIZ, "%s", "unknown") < 0) { > > + sctp_ifnp->ifn_name[0] = '\0'; > > + } > > } > > hash_ifn_head = &SCTP_BASE_INFO(vrf_ifn_hash)[(ifn_index & SCTP_BASE_INFO(vrf_ifn_hashmark))]; > > LIST_INIT(&sctp_ifnp->ifalist); > > @@ -6221,8 +6225,10 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, s > > * in setup state we > > * abort this guy > > */ > > - snprintf(msg, sizeof(msg), > > - "%s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), > > + "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > sctp_abort_an_association(stcb_tmp->sctp_ep, > > @@ -6321,8 +6327,10 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, s > > * in setup state we > > * abort this guy > > */ > > - snprintf(msg, sizeof(msg), > > - "%s:%d at %s", __FILE__, __LINE__, __func__); > > + if (snprintf(msg, sizeof(msg), > > + "%s:%d at %s", __FILE__, __LINE__, __func__) < 0) { > > + msg[0] = '\0'; > > + } > > op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code), > > msg); > > sctp_abort_an_association(stcb_tmp->sctp_ep,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG6CVpULv4B9taKOOf9minkXj9QBMgdwxPaYSLF6otFu97K6Ag>