From owner-freebsd-bugs@FreeBSD.ORG Wed Feb 25 19:00:12 2009
Date: Wed, 25 Feb 2009 19:00:11 GMT
Message-Id: <200902251900.n1PJ0BA7073647@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Jaakko Heinonen
Subject: Re: kern/132104: kenv buffer overflow

The following reply was made to PR kern/132104; it has been noted by GNATS.

From: Jaakko Heinonen
To: Dylan Cochran
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/132104: kenv buffer overflow
Date: Wed, 25 Feb 2009 20:56:26 +0200

Hi,

On 2009-02-25, Dylan Cochran wrote:
> This prevents the panic condition, but also increases the amount of
> time the mutex is held. Comments?
>
> mtx_lock(&kenv_lock);
> cp = _getenv_dynamic(name, NULL);
> if (cp != NULL) {
> - strcpy(buf, cp);
> - mtx_unlock(&kenv_lock);
> - len = strlen(buf) + 1;
> + len = strlen(cp) + 1;
> ret = malloc(len, M_KENV, M_WAITOK);
> - strcpy(ret, buf);
> + strcpy(ret, cp);
> + mtx_unlock(&kenv_lock);

malloc(9) with the M_WAITOK flag could sleep. You are not allowed to sleep while holding a mutex.

-- 
Jaakko
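Review bot: the hunk moves `ret = malloc(len, M_KENV, M_WAITOK)` inside the `kenv_lock` critical section, and an M_WAITOK allocation may sleep, which is not allowed while a mutex is held; if the allocation is to stay under the lock it has to be M_NOWAIT with a NULL check on `ret`. If the lock is instead dropped around the allocation, the `len = strlen(cp) + 1` measured before the drop is stale once the lock is released, so the copy has to be redone under the lock with a bound, e.g. re-look up `cp` and use `strlcpy(ret, cp, len)`, and the caller has to cope with the value having grown or been removed in between. The removed `strcpy(buf, cp)` and `strcpy(ret, buf)` lines were the only references to `buf` in the hunk; if nothing else in the function uses it, its declaration should be removed as well.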
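The pattern Jaakko's objection implies, as an added userland model that is not the FreeBSD kernel's code nor either poster's patch: measure the length under the lock, drop the lock around the allocation that may sleep, then re-take the lock and re-check the length before a bounded copy, retrying if the value grew in between. A pthread mutex stands in for kenv_lock and a single string for the dynamic environment; the names env_lock, env_value, env_set, env_getenv_copy, env_race_hook, env_retries, demo_simple and demo_race, and the sample strings, are constructed for this example.

```c
/*
 * Added example, not FreeBSD kernel code: a userland model of copying a
 * kenv value out under a lock without sleeping while the lock is held.
 * A pthread mutex stands in for kenv_lock; one string stands in for the
 * dynamic environment.  All env_* / demo_* names are chosen for this example.
 */
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static pthread_mutex_t env_lock = PTHREAD_MUTEX_INITIALIZER;
static char *env_value;        /* protected by env_lock; NULL when unset */

int env_retries;               /* copies that had to reallocate (demonstration counter) */
void (*env_race_hook)(void);   /* hook run with the lock dropped, before allocating */

/* Replace the value, as a concurrent setenv would; takes the lock itself. */
void env_set(const char *v)
{
    pthread_mutex_lock(&env_lock);
    free(env_value);
    env_value = v != NULL ? strdup(v) : NULL;
    pthread_mutex_unlock(&env_lock);
}

/*
 * Return a malloc'd copy of the value, or NULL if unset.  The length is
 * measured under the lock, the lock is dropped around malloc (which, like
 * malloc(9) with M_WAITOK, may sleep), and the copy is made only after
 * re-taking the lock and re-checking that the current value still fits.
 */
char *env_getenv_copy(void)
{
    char *ret = NULL;
    size_t cap = 0, len;

    for (;;) {
        pthread_mutex_lock(&env_lock);
        if (env_value == NULL) {
            pthread_mutex_unlock(&env_lock);
            free(ret);
            return NULL;
        }
        len = strlen(env_value) + 1;
        if (ret != NULL && len <= cap) {
            /* Lock still held: the value cannot change between the strlen
             * above and this bounded copy, so len <= cap is a real bound. */
            memcpy(ret, env_value, len);
            pthread_mutex_unlock(&env_lock);
            return ret;
        }
        pthread_mutex_unlock(&env_lock);   /* never allocate with the lock held */
        if (env_race_hook != NULL)
            env_race_hook();               /* simulate a concurrent setenv here */
        if (ret != NULL)
            env_retries++;                 /* value grew while the lock was dropped */
        free(ret);
        ret = malloc(len);
        if (ret == NULL)
            return NULL;
        cap = len;
    }
}

/* Copy of a plain value, then of an unset variable; returns 1 on success. */
int demo_simple(void)
{
    char *copy;
    int ok;

    env_race_hook = NULL;
    env_set("short");
    copy = env_getenv_copy();
    ok = copy != NULL && strcmp(copy, "short") == 0;
    free(copy);
    env_set(NULL);
    return ok && env_getenv_copy() == NULL;
}

/* Constructed race: the first time the lock is dropped, a longer value is
 * installed, standing in for another thread's setenv. */
static const char *DEMO_LONG = "replaced while the lock was dropped";
static int demo_fired;
static void demo_grow_once(void)
{
    if (!demo_fired) {
        demo_fired = 1;
        env_set(DEMO_LONG);
    }
}

/* Returns 1 if the copy taken across the simulated change is the new value
 * and exactly one reallocation was needed, 0 otherwise. */
int demo_race(void)
{
    char *copy;
    int ok;

    env_set("short");
    demo_fired = 0;
    env_retries = 0;
    env_race_hook = demo_grow_once;
    copy = env_getenv_copy();
    env_race_hook = NULL;
    ok = copy != NULL && strcmp(copy, DEMO_LONG) == 0 && env_retries == 1;
    free(copy);
    return ok;
}

int main(void)
{
    printf("plain copy: %s\n", demo_simple() ? "ok" : "FAIL");
    printf("copy across concurrent growth: %s (retries=%d)\n",
        demo_race() ? "ok" : "FAIL", env_retries);
    return 0;
}
```

The retry loop is what replaces the fixed-size `buf` of the original code: the bound on the copy comes from a length measured while the lock is held, and a value that grows between the unlock and the relock is detected and reallocated rather than overflowing or being truncated.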