From owner-freebsd-bugs@FreeBSD.ORG Mon Sep 22 07:20:14 2003 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C116216A4B3 for ; Mon, 22 Sep 2003 07:20:14 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 25AE743FF5 for ; Mon, 22 Sep 2003 07:20:12 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h8MEKCFY042341 for ; Mon, 22 Sep 2003 07:20:12 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h8MEKB5J042340; Mon, 22 Sep 2003 07:20:11 -0700 (PDT) (envelope-from gnats) Resent-Date: Mon, 22 Sep 2003 07:20:11 -0700 (PDT) Resent-Message-Id: <200309221420.h8MEKB5J042340@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Rui Lopes Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 418A016A4B3 for ; Mon, 22 Sep 2003 07:10:20 -0700 (PDT) Received: from ns.webtt.biz (ns.webtt.biz [64.239.29.225]) by mx1.FreeBSD.org (Postfix) with SMTP id 4FD844400D for ; Mon, 22 Sep 2003 07:10:19 -0700 (PDT) (envelope-from root@ns.webtt.biz) Received: (qmail 24408 invoked by uid 0); 22 Sep 2003 14:12:25 -0000 Message-Id: <20030922141225.24407.qmail@ns.webtt.biz> Date: 22 Sep 2003 14:12:25 -0000 From: Rui Lopes To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: bin/57088: [PATCH] for a possible fd leak in libcam.c X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Rui Lopes List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Sep 2003 14:20:14 -0000 >Number: 57088 >Category: bin >Synopsis: [PATCH] for a possible fd leak in libcam.c >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Sep 22 07:20:11 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Rui Lopes >Release: FreeBSD 5.1-RELEASE-p5 i386 >Organization: >Environment: System: FreeBSD disty 5.1-RELEASE-p5 FreeBSD 5.1-RELEASE-p5 #2: Mon Sep 22 12:24:38 WEST 2003 root@disty:/usr/obj/usr/src/sys/DEBUGGER i386 >Description: * Fixes one possible FD leak. * Fixes some buffer overrun. NOTE: The others sprintf seem inoffensive, because we control what we place in the buffer, so I didn't change them. >How-To-Repeat: >Fix: --- camlib.c.patch begins here --- # * Fixes one possible FD leak. # * Fixes some buffer overrun. # -- Rui Lopes --- camlib.c.orig Mon Sep 22 14:24:52 2003 +++ camlib.c Mon Sep 22 14:51:02 2003 @@ -388,8 +388,9 @@ PERIPH_MATCH_LUN | PERIPH_MATCH_NAME; if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) { - sprintf(cam_errbuf, "%s: CAMIOCOMMAND ioctl failed\n" - "%s: %s", func_name, func_name, strerror(errno)); + snprintf(cam_errbuf, CAM_ERRBUF_SIZE, + "%s: CAMIOCOMMAND ioctl failed\n%s: %s", func_name, + func_name, strerror(errno)); goto btl_bailout; } @@ -515,6 +516,7 @@ "%s: %s%s", func_name, func_name, strerror(errno), (errno == ENOENT) ? tmpstr : ""); + close(fd); return(NULL); } @@ -527,8 +529,9 @@ * the device the user gave us. */ if (ccb.cgdl.status == CAM_GDEVLIST_ERROR) { - sprintf(cam_errbuf, "%s: device %s%d does not exist", - func_name, dev_name, unit); + snprintf(cam_errbuf, CAM_ERRBUF_SIZE, + "%s: device %s%d does not exist", func_name, dev_name, + unit); return(NULL); } @@ -558,9 +561,9 @@ if (device == NULL) { if ((device = (struct cam_device *)malloc( sizeof(struct cam_device))) == NULL) { - sprintf(cam_errbuf, "%s: device structure malloc" - " failed\n%s: %s", func_name, func_name, - strerror(errno)); + snprintf(cam_errbuf, CAM_ERRBUF_SIZE, + "%s: device structure malloc failed\n%s: %s", + func_name, func_name, strerror(errno)); return(NULL); } device->fd = -1; @@ -616,8 +619,9 @@ * because we just opened it above. The only way this * ioctl can fail is if the ccb size is wrong. */ - sprintf(cam_errbuf, "%s: CAMGETPASSTHRU ioctl failed\n" - "%s: %s", func_name, func_name, strerror(errno)); + snprintf(cam_errbuf, CAM_ERRBUF_SIZE, + "%s: CAMGETPASSTHRU ioctl failed\n%s: %s", func_name, + func_name, strerror(errno)); goto crod_bailout; } @@ -642,8 +646,9 @@ ccb.ccb_h.func_code = XPT_PATH_INQ; if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) { - sprintf(cam_errbuf, "%s: Path Inquiry CCB failed\n" - "%s: %s", func_name, func_name, strerror(errno)); + snprintf(cam_errbuf, CAM_ERRBUF_SIZE, + "%s: Path Inquiry CCB failed\n%s: %s", func_name, + func_name, strerror(errno)); goto crod_bailout; } strlcpy(device->sim_name, ccb.cpi.dev_name, sizeof(device->sim_name)); @@ -656,8 +661,9 @@ */ ccb.ccb_h.func_code = XPT_GDEV_TYPE; if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) { - sprintf(cam_errbuf, "%s: Get Device Type CCB failed\n" - "%s: %s", func_name, func_name, strerror(errno)); + snprintf(cam_errbuf, CAM_ERRBUF_SIZE, + "%s: Get Device Type CCB failed\n%s: %s", func_name, + func_name, strerror(errno)); goto crod_bailout; } device->pd_type = SID_TYPE(&ccb.cgd.inq_data); @@ -679,8 +685,9 @@ ccb.cts.flags = CCB_TRANS_CURRENT_SETTINGS; if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) { - sprintf(cam_errbuf, "%s: Get Transfer Settings CCB failed\n" - "%s: %s", func_name, func_name, strerror(errno)); + snprintf(cam_errbuf, CAM_ERRBUF_SIZE, + "%s: Get Transfer Settings CCB failed\n%s: %s", + func_name, func_name, strerror(errno)); goto crod_bailout; } device->sync_period = ccb.cts.sync_period; --- camlib.c.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted: