Author: araujo Date: Tue Dec 18 03:00:12 2018 New Revision: 342184 URL: https://svnweb.freebsd.org/changeset/base/342184
Log: MFC r340707: Define AHCI_PORT_IDENT and increase by 1 the VTBLK_BLK_ID_BYTES to avoid buffer accessed out of bounds, also switch to snprintf(3). PR: 200859 Submitted by: Caglar <cag...@10ur.org> Obtained from: https://github.com/mist64/xhyve/pull/24 Modified: stable/12/usr.sbin/bhyve/pci_ahci.c stable/12/usr.sbin/bhyve/pci_virtio_block.c Directory Properties: stable/12/ (props changed) Modified: stable/12/usr.sbin/bhyve/pci_ahci.c ============================================================================== --- stable/12/usr.sbin/bhyve/pci_ahci.c Tue Dec 18 01:12:30 2018 (r342183) +++ stable/12/usr.sbin/bhyve/pci_ahci.c Tue Dec 18 03:00:12 2018 (r342184) @@ -105,7 +105,7 @@ enum sata_fis_type { * ATA commands */ #define ATA_SF_ENAB_SATA_SF 0x10 -#define ATA_SATA_SF_AN 0x05 +#define ATA_SATA_SF_AN 0x05 #define ATA_SF_DIS_SATA_SF 0x90 /* @@ -119,6 +119,8 @@ static FILE *dbg; #endif #define WPRINTF(format, arg...) printf(format, ##arg) +#define AHCI_PORT_IDENT 20 + 1 + struct ahci_ioreq { struct blockif_req io_req; struct ahci_port *io_pr; @@ -136,7 +138,7 @@ struct ahci_port { struct pci_ahci_softc *pr_sc; uint8_t *cmd_lst; uint8_t *rfis; - char ident[20 + 1]; + char ident[AHCI_PORT_IDENT]; int port; int atapi; int reset; @@ -2374,7 +2376,8 @@ pci_ahci_init(struct vmctx *ctx, struct pci_devinst *p MD5Init(&mdctx); MD5Update(&mdctx, opts, strlen(opts)); MD5Final(digest, &mdctx); - sprintf(sc->port[p].ident, "BHYVE-%02X%02X-%02X%02X-%02X%02X", + snprintf(sc->port[p].ident, AHCI_PORT_IDENT, + "BHYVE-%02X%02X-%02X%02X-%02X%02X", digest[0], digest[1], digest[2], digest[3], digest[4], digest[5]); Modified: stable/12/usr.sbin/bhyve/pci_virtio_block.c ============================================================================== --- stable/12/usr.sbin/bhyve/pci_virtio_block.c Tue Dec 18 01:12:30 2018 (r342183) +++ stable/12/usr.sbin/bhyve/pci_virtio_block.c Tue Dec 18 03:00:12 2018 (r342184) @@ -61,7 +61,7 @@ __FBSDID("$FreeBSD$"); #define VTBLK_S_IOERR 1 #define VTBLK_S_UNSUPP 2 -#define VTBLK_BLK_ID_BYTES 20 +#define VTBLK_BLK_ID_BYTES 20 + 1 /* Capability bits */ #define VTBLK_F_SEG_MAX (1 << 2) /* Maximum request segments */ @@ -344,7 +344,8 @@ pci_vtblk_init(struct vmctx *ctx, struct pci_devinst * MD5Init(&mdctx); MD5Update(&mdctx, opts, strlen(opts)); MD5Final(digest, &mdctx); - sprintf(sc->vbsc_ident, "BHYVE-%02X%02X-%02X%02X-%02X%02X", + snprintf(sc->vbsc_ident, VTBLK_BLK_ID_BYTES, + "BHYVE-%02X%02X-%02X%02X-%02X%02X", digest[0], digest[1], digest[2], digest[3], digest[4], digest[5]); /* setup virtio block config space */ _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
