Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 12 Mar 2018 17:37:38 +0000 (UTC)
From:      Eugene Grosbein <eugen@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r330805 - stable/10/usr.sbin/ppp
Message-ID:  <201803121737.w2CHbcWX008197@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: eugen
Date: Mon Mar 12 17:37:38 2018
New Revision: 330805
URL: https://svnweb.freebsd.org/changeset/base/330805

Log:
  MFC r329105: ppp(8): fix code producing debugging logs
  
    ppp(8): fix code producing debugging logs
  
    Fix several cases when long buffer is copied to shorter one
    using snprintf that results in contents truncation and
    clobbering unsaved errno value and creation of misleading logs.
  
  PR:		218517
  Approved by:	mav (mentor)

Modified:
  stable/10/usr.sbin/ppp/defs.h
  stable/10/usr.sbin/ppp/iface.c
  stable/10/usr.sbin/ppp/ip.c
  stable/10/usr.sbin/ppp/ipv6cp.c
  stable/10/usr.sbin/ppp/ncpaddr.c
  stable/10/usr.sbin/ppp/route.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/usr.sbin/ppp/defs.h
==============================================================================
--- stable/10/usr.sbin/ppp/defs.h	Mon Mar 12 17:36:37 2018	(r330804)
+++ stable/10/usr.sbin/ppp/defs.h	Mon Mar 12 17:37:38 2018	(r330805)
@@ -117,6 +117,8 @@
 
 #define ROUNDUP(x) ((x) ? (1 + (((x) - 1) | (sizeof(long) - 1))) : sizeof(long))
 
+#define NCP_ASCIIBUFFERSIZE	52
+
 #ifdef __NetBSD__
 extern void randinit(void);
 #else

Modified: stable/10/usr.sbin/ppp/iface.c
==============================================================================
--- stable/10/usr.sbin/ppp/iface.c	Mon Mar 12 17:36:37 2018	(r330804)
+++ stable/10/usr.sbin/ppp/iface.c	Mon Mar 12 17:37:38 2018	(r330805)
@@ -209,7 +209,7 @@ iface_addr_Zap(const char *name, struct iface_addr *ad
 #endif
   struct sockaddr_in *me4, *msk4, *peer4;
   struct sockaddr_storage ssme, sspeer, ssmsk;
-  int res;
+  int res, saved_errno;
 
   ncprange_getsa(&addr->ifa, &ssme, &ssmsk);
   ncpaddr_getsa(&addr->peer, &sspeer);
@@ -235,8 +235,9 @@ iface_addr_Zap(const char *name, struct iface_addr *ad
       memcpy(peer4, &sspeer, sizeof *peer4);
 
     res = ID0ioctl(s, SIOCDIFADDR, &ifra);
+    saved_errno = errno;
     if (log_IsKept(LogDEBUG)) {
-      char buf[100];
+      char buf[NCP_ASCIIBUFFERSIZE];
 
       snprintf(buf, sizeof buf, "%s", ncprange_ntoa(&addr->ifa));
       log_Printf(LogWARN, "%s: DIFADDR %s -> %s returns %d\n",
@@ -260,12 +261,13 @@ iface_addr_Zap(const char *name, struct iface_addr *ad
     ifra6.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME;
 
     res = ID0ioctl(s, SIOCDIFADDR_IN6, &ifra6);
+    saved_errno = errno;
     break;
 #endif
   }
 
   if (res == -1) {
-    char dst[40];
+    char dst[NCP_ASCIIBUFFERSIZE];
     const char *end =
 #ifndef NOINET6
       ncprange_family(&addr->ifa) == AF_INET6 ? "_IN6" :
@@ -274,11 +276,11 @@ iface_addr_Zap(const char *name, struct iface_addr *ad
 
     if (ncpaddr_family(&addr->peer) == AF_UNSPEC)
       log_Printf(LogWARN, "iface rm: ioctl(SIOCDIFADDR%s, %s): %s\n",
-                 end, ncprange_ntoa(&addr->ifa), strerror(errno));
+                 end, ncprange_ntoa(&addr->ifa), strerror(saved_errno));
     else {
       snprintf(dst, sizeof dst, "%s", ncpaddr_ntoa(&addr->peer));
       log_Printf(LogWARN, "iface rm: ioctl(SIOCDIFADDR%s, %s -> %s): %s\n",
-                 end, ncprange_ntoa(&addr->ifa), dst, strerror(errno));
+                 end, ncprange_ntoa(&addr->ifa), dst, strerror(saved_errno));
     }
   }
 
@@ -294,7 +296,7 @@ iface_addr_Add(const char *name, struct iface_addr *ad
 #endif
   struct sockaddr_in *me4, *msk4, *peer4;
   struct sockaddr_storage ssme, sspeer, ssmsk;
-  int res;
+  int res, saved_errno;
 
   ncprange_getsa(&addr->ifa, &ssme, &ssmsk);
   ncpaddr_getsa(&addr->peer, &sspeer);
@@ -320,8 +322,9 @@ iface_addr_Add(const char *name, struct iface_addr *ad
       memcpy(peer4, &sspeer, sizeof *peer4);
 
     res = ID0ioctl(s, SIOCAIFADDR, &ifra);
+    saved_errno = errno;
     if (log_IsKept(LogDEBUG)) {
-      char buf[100];
+      char buf[NCP_ASCIIBUFFERSIZE];
 
       snprintf(buf, sizeof buf, "%s", ncprange_ntoa(&addr->ifa));
       log_Printf(LogWARN, "%s: AIFADDR %s -> %s returns %d\n",
@@ -345,12 +348,13 @@ iface_addr_Add(const char *name, struct iface_addr *ad
     ifra6.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME;
 
     res = ID0ioctl(s, SIOCAIFADDR_IN6, &ifra6);
+    saved_errno = errno;
     break;
 #endif
   }
 
   if (res == -1) {
-    char dst[40];
+    char dst[NCP_ASCIIBUFFERSIZE];
     const char *end =
 #ifndef NOINET6
       ncprange_family(&addr->ifa) == AF_INET6 ? "_IN6" :
@@ -359,11 +363,11 @@ iface_addr_Add(const char *name, struct iface_addr *ad
 
     if (ncpaddr_family(&addr->peer) == AF_UNSPEC)
       log_Printf(LogWARN, "iface add: ioctl(SIOCAIFADDR%s, %s): %s\n",
-                 end, ncprange_ntoa(&addr->ifa), strerror(errno));
+                 end, ncprange_ntoa(&addr->ifa), strerror(saved_errno));
     else {
       snprintf(dst, sizeof dst, "%s", ncpaddr_ntoa(&addr->peer));
       log_Printf(LogWARN, "iface add: ioctl(SIOCAIFADDR%s, %s -> %s): %s\n",
-                 end, ncprange_ntoa(&addr->ifa), dst, strerror(errno));
+                 end, ncprange_ntoa(&addr->ifa), dst, strerror(saved_errno));
     }
   }
 

Modified: stable/10/usr.sbin/ppp/ip.c
==============================================================================
--- stable/10/usr.sbin/ppp/ip.c	Mon Mar 12 17:36:37 2018	(r330804)
+++ stable/10/usr.sbin/ppp/ip.c	Mon Mar 12 17:37:38 2018	(r330805)
@@ -224,7 +224,7 @@ FilterCheck(const unsigned char *packet,
   int match;			/* true if condition matched */
   int mindata;			/* minimum data size or zero */
   const struct filterent *fp = filter->rule;
-  char dbuff[100], dstip[16];
+  char dbuff[100], dstip[NCP_ASCIIBUFFERSIZE];
   struct ncpaddr srcaddr, dstaddr;
   const char *payload;		/* IP payload */
   int datalen;			/* IP datagram length */

Modified: stable/10/usr.sbin/ppp/ipv6cp.c
==============================================================================
--- stable/10/usr.sbin/ppp/ipv6cp.c	Mon Mar 12 17:36:37 2018	(r330804)
+++ stable/10/usr.sbin/ppp/ipv6cp.c	Mon Mar 12 17:37:38 2018	(r330805)
@@ -465,7 +465,7 @@ ipv6cp_LayerUp(struct fsm *fp)
 {
   /* We're now up */
   struct ipv6cp *ipv6cp = fsm2ipv6cp(fp);
-  char tbuff[40];
+  char tbuff[NCP_ASCIIBUFFERSIZE];
 
   log_Printf(LogIPV6CP, "%s: LayerUp.\n", fp->link->name);
   if (!ipv6cp_InterfaceUp(ipv6cp))
@@ -522,7 +522,7 @@ ipv6cp_LayerDown(struct fsm *fp)
   /* About to come down */
   struct ipv6cp *ipv6cp = fsm2ipv6cp(fp);
   static int recursing;
-  char addr[40];
+  char addr[NCP_ASCIIBUFFERSIZE];
 
   if (!recursing++) {
     snprintf(addr, sizeof addr, "%s", ncpaddr_ntoa(&ipv6cp->myaddr));

Modified: stable/10/usr.sbin/ppp/ncpaddr.c
==============================================================================
--- stable/10/usr.sbin/ppp/ncpaddr.c	Mon Mar 12 17:36:37 2018	(r330804)
+++ stable/10/usr.sbin/ppp/ncpaddr.c	Mon Mar 12 17:37:38 2018	(r330805)
@@ -76,8 +76,6 @@
 #define ncpaddr_ip6addr		u.ip6addr
 #endif
 
-#define	NCP_ASCIIBUFFERSIZE	52
-
 static struct in_addr
 bits2mask4(int bits)
 {

Modified: stable/10/usr.sbin/ppp/route.c
==============================================================================
--- stable/10/usr.sbin/ppp/route.c	Mon Mar 12 17:36:37 2018	(r330804)
+++ stable/10/usr.sbin/ppp/route.c	Mon Mar 12 17:37:38 2018	(r330805)
@@ -435,7 +435,7 @@ route_IfDelete(struct bundle *bundle, int all)
            ) &&
           (all || (rtm->rtm_flags & RTF_GATEWAY))) {
         if (log_IsKept(LogDEBUG)) {
-          char gwstr[41];
+          char gwstr[NCP_ASCIIBUFFERSIZE];
           struct ncpaddr gw;
           ncprange_setsa(&range, sa[RTAX_DST], sa[RTAX_NETMASK]);
           ncpaddr_setsa(&gw, sa[RTAX_GATEWAY]);
@@ -840,7 +840,7 @@ failed:
   }
 
   if (log_IsKept(LogDEBUG)) {
-    char gwstr[40];
+    char gwstr[NCP_ASCIIBUFFERSIZE];
 
     if (gw)
       snprintf(gwstr, sizeof gwstr, "%s", ncpaddr_ntoa(gw));



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803121737.w2CHbcWX008197>