Date: Wed, 28 Apr 2010 10:18:40 -0700 From: Alfred Perlstein <alfred@freebsd.org> To: current@freebsd.org Subject: fixes for enhanced coredump Message-ID: <20100428171840.GS35381@elvis.mu.org>
next in thread | raw e-mail | index | archive | help
I was recently working on the enhanced coredumps
internal to Juniper and realized that there were
some defects in the code I pushed (mostly due to
mismerge), can someone please review?
1) don't allocate hostname[] on the stack
2) don't leak the temp buffer in imgact_elf_coredump.
thank you,
-Alfred
Index: kern/kern_sig.c
===================================================================
--- kern/kern_sig.c (revision 207329)
+++ kern/kern_sig.c (working copy)
@@ -3004,8 +3004,9 @@
char *temp;
size_t i;
int indexpos;
- char hostname[MAXHOSTNAMELEN];
+ char *hostname;
+ hostname = NULL;
format = corefilename;
temp = malloc(MAXPATHLEN, M_TEMP, M_NOWAIT | M_ZERO);
if (temp == NULL)
@@ -3021,6 +3022,19 @@
sbuf_putc(&sb, '%');
break;
case 'H': /* hostname */
+ if (hostname == NULL) {
+ hostname = malloc(MAXHOSTNAMELEN,
+ M_TEMP, M_NOWAIT);
+ if (hostname == NULL) {
+ log(LOG_ERR,
+ "pid %ld (%s), uid (%lu): "
+ "unable to alloc memory "
+ "for corefile hostname\n",
+ (long)pid, name,
+ (u_long)uid);
+ goto nomem;
+ }
+ }
getcredhostname(td->td_ucred, hostname,
sizeof(hostname));
sbuf_printf(&sb, "%s", hostname);
@@ -3054,9 +3068,10 @@
}
#endif
if (sbuf_overflowed(&sb)) {
- sbuf_delete(&sb);
log(LOG_ERR, "pid %ld (%s), uid (%lu): corename is too "
"long\n", (long)pid, name, (u_long)uid);
+nomem:
+ sbuf_delete(&sb);
free(temp, M_TEMP);
return (NULL);
}
Index: kern/imgact_elf.c
===================================================================
--- kern/imgact_elf.c (revision 207329)
+++ kern/imgact_elf.c (working copy)
@@ -1088,8 +1088,10 @@
hdrsize = 0;
__elfN(puthdr)(td, (void *)NULL, &hdrsize, seginfo.count);
- if (hdrsize + seginfo.size >= limit)
- return (EFAULT);
+ if (hdrsize + seginfo.size >= limit) {
+ error = EFAULT;
+ goto done;
+ }
/*
* Allocate memory for building the header, fill it up,
@@ -1097,7 +1099,8 @@
*/
hdr = malloc(hdrsize, M_TEMP, M_WAITOK);
if (hdr == NULL) {
- return (EINVAL);
+ error = EINVAL;
+ goto done;
}
error = __elfN(corehdr)(td, vp, cred, seginfo.count, hdr, hdrsize,
gzfile);
@@ -1125,8 +1128,8 @@
curproc->p_comm, error);
}
+done:
#ifdef COMPRESS_USER_CORES
-done:
if (core_buf)
free(core_buf, M_TEMP);
if (gzfile)
--
- Alfred Perlstein
.- AMA, VMOA #5191, 03 vmax, 92 gs500, 85 ch250, 07 zx10
.- FreeBSD committer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100428171840.GS35381>