On Mon, Feb 08, 2021 at 01:35:11PM +0000, Lutz Donnerhacke wrote:
> The branch main has been updated by donner:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=45d75e3ac3fb5bf8230ca28dc09b48c6e5ed7a4f
> 
> commit 45d75e3ac3fb5bf8230ca28dc09b48c6e5ed7a4f
> Author:     Lutz Donnerhacke <don...@freebsd.org>
> AuthorDate: 2021-02-07 21:07:34 +0000
> Commit:     Lutz Donnerhacke <don...@freebsd.org>
> CommitDate: 2021-02-08 13:31:58 +0000
> 
>     netgraph/ng_base: Allow larger BINARY2ASCII conversions
>     
>     Allocate the necessary memory for the conversion dynamically starting
>     with a value which is sufficient for almost all normal cases.

Is there some upper bound on the length of the input message?  If not, a
sufficiently large input looks like it could cause an infinite loop by
triggering overflow in the bufSize *= 2 calculation.  I also wonder why
the same change was not made for ASCII2BINARY.

>     
>     PR:             187835
>     Reviewed by:    kp
>     Differential Revision: https://reviews.freebsd.org/D23840
> ---
>  sys/netgraph/ng_base.c | 14 +++++++++-----
>  1 file changed, 9 insertions(+), 5 deletions(-)
> 
> diff --git a/sys/netgraph/ng_base.c b/sys/netgraph/ng_base.c
> index 6ab39421b255..63bc251f52f9 100644
> --- a/sys/netgraph/ng_base.c
> +++ b/sys/netgraph/ng_base.c
> @@ -2771,7 +2771,7 @@ ng_generic_msg(node_p here, item_p item, hook_p 
> lasthook)
>  
>       case NGM_BINARY2ASCII:
>           {
> -             int bufSize = 20 * 1024;        /* XXX hard coded constant */
> +             int bufSize = 1024;
>               const struct ng_parse_type *argstype;
>               const struct ng_cmdlist *c;
>               struct ng_mesg *binary, *ascii;
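Review bot: `int bufSize` in the NGM_BINARY2ASCII case is now a size that grows at run time, so a signed int is a poor fit: it is added to sizeof(*ascii) for the allocation and passed to ng_unparse as the buffer length. Consider an unsigned size type, or at least a checked bound, so repeated doubling cannot wrap to a negative value. The XXX comment was dropped although 1024 is still a hard-coded constant; a named define for the starting size, next to one for a maximum, would document both.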
> @@ -2785,7 +2785,7 @@ ng_generic_msg(node_p here, item_p item, hook_p 
> lasthook)
>                       error = EINVAL;
>                       break;
>               }
> -
> +retry_b2a:
>               /* Get a response message with lots of room */
>               NG_MKRESPONSE(resp, msg, sizeof(*ascii) + bufSize, M_NOWAIT);
>               if (resp == NULL) {
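Review bot: the comment directly under the new retry_b2a label still says "lots of room", which no longer describes a first attempt with 1024 bytes; reword it to say the buffer is grown when ng_unparse returns ERANGE. Every pass through the label also repeats an M_NOWAIT allocation of sizeof(*ascii) + bufSize, so larger retries are more likely to fail. Since error still holds ERANGE when the code jumps back, check that the resp == NULL path sets its own error value rather than returning the stale one.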
> @@ -2827,9 +2827,13 @@ ng_generic_msg(node_p here, item_p item, hook_p 
> lasthook)
>               if (argstype == NULL) {
>                       *ascii->data = '\0';
>               } else {
> -                     if ((error = ng_unparse(argstype,
> -                         (u_char *)binary->data,
> -                         ascii->data, bufSize)) != 0) {
> +                     error = ng_unparse(argstype, (u_char *)binary->data,
> +                         ascii->data, bufSize);
> +                     if (error == ERANGE) {
> +                             NG_FREE_MSG(resp);
> +                             bufSize *= 2;
> +                             goto retry_b2a;
> +                     } else if (error) {
>                               NG_FREE_MSG(resp);
>                               break;
>                       }
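Review bot: the ERANGE branch has no exit condition other than allocation failure: `bufSize *= 2; goto retry_b2a;` runs with no upper limit, and with bufSize declared as int the doubling can eventually overflow. Add a cap before retrying, for example free resp and break with the ERANGE error once bufSize would exceed a defined maximum, so a single control message cannot drive unbounded retries and ever larger allocations.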
> _______________________________________________
> dev-commits-src-...@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all
> To unsubscribe, send any mail to "dev-commits-src-all-unsubscr...@freebsd.org"