Date: Tue, 13 Nov 2012 14:45:40 -0500
From: Eitan Adler <lists@eitanadler.com>
To: Baptiste Daroussin <bapt@freebsd.org>
Cc: Konstantin Belousov <kostikbel@gmail.com>, arch@freebsd.org
Subject: Re: Increasing MAXLOGNAME from 17 to 33
Message-ID: <CAF6rxgmz-RPHb3zJ2EwdRwh88-WjK%2B7a6j2%2BypSx5JrDq2Yv%2BA@mail.gmail.com>
In-Reply-To: <20121113183412.GA75103@ithaqua.etoilebsd.net>
References: <20121113111806.GE62533@ithaqua.etoilebsd.net> <20121113115034.GJ73505@kib.kiev.ua> <20121113183412.GA75103@ithaqua.etoilebsd.net>
On 13 November 2012 13:34, Baptiste Daroussin <bapt@freebsd.org> wrote: > On Tue, Nov 13, 2012 at 01:50:34PM +0200, Konstantin Belousov wrote: > > After auditing base, it seems like this patch is enough > http://people.freebsd.org/~bapt/maxlogname-33.diff I'm not sure, but doesn't access to p->p_session need to be under a lock? Something like (although the duplicate unlocking code is annoying): diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 53af793..8a97994 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -2081,6 +2081,11 @@ sys_getlogin(struct thread *td, struct getlogin_args *uap) uap->namelen = MAXLOGNAME; PROC_LOCK(p); SESS_LOCK(p->p_session); + if (strlen(p->p_session->s_login) + 1 > uap->namelen) { + SESS_UNLOCK(p->p_session); + PROC_UNLOCK(p); + return (ERANGE); + } bcopy(p->p_session->s_login, login, uap->namelen); SESS_UNLOCK(p->p_session); PROC_UNLOCK(p); -- Eitan Adler
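Review bot: The early-return path added before the bcopy in sys_getlogin() repeats the SESS_UNLOCK/PROC_UNLOCK pair, so any later change to the locking here has to be made in two places. Consider doing the comparison once while the locks are held, setting an error variable to ERANGE when `strlen(p->p_session->s_login) + 1 > uap->namelen`, and skipping the bcopy in that case, so both outcomes fall through the single existing unlock sequence. With the measured length available, the bcopy could also copy only that many bytes rather than `uap->namelen`, since after the check the stored string plus its terminator can be shorter than the count being copied.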