Module Name: src
Committed By: christos
Date: Thu Mar 27 18:22:56 UTC 2014
Modified Files:
src/sys/arch/dreamcast/dev/maple: maple.c
src/sys/arch/ia64/disasm: disasm_format.c
src/sys/arch/ia64/stand/efi/libefi: devicename.c
src/sys/arch/ia64/stand/ia64/ski: devicename.c
src/sys/arch/next68k/dev: esp.c
src/sys/arch/prep/prep: autoconf.c residual.c
src/sys/arch/sparc/sparc: cpu.c
src/sys/arch/x86/acpi: acpi_cpu_md.c
src/sys/arch/x86/x86: est.c odcm.c procfs_machdep.c
src/sys/arch/xen/xen: pciback.c
src/sys/arch/xen/xenbus: xenbus_client.c
Log Message:
correct/add protection against snprintf overflow.
To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.50 src/sys/arch/dreamcast/dev/maple/maple.c
cvs rdiff -u -r1.2 -r1.3 src/sys/arch/ia64/disasm/disasm_format.c
cvs rdiff -u -r1.6 -r1.7 src/sys/arch/ia64/stand/efi/libefi/devicename.c
cvs rdiff -u -r1.5 -r1.6 src/sys/arch/ia64/stand/ia64/ski/devicename.c
cvs rdiff -u -r1.61 -r1.62 src/sys/arch/next68k/dev/esp.c
cvs rdiff -u -r1.26 -r1.27 src/sys/arch/prep/prep/autoconf.c
cvs rdiff -u -r1.17 -r1.18 src/sys/arch/prep/prep/residual.c
cvs rdiff -u -r1.242 -r1.243 src/sys/arch/sparc/sparc/cpu.c
cvs rdiff -u -r1.75 -r1.76 src/sys/arch/x86/acpi/acpi_cpu_md.c
cvs rdiff -u -r1.28 -r1.29 src/sys/arch/x86/x86/est.c
cvs rdiff -u -r1.3 -r1.4 src/sys/arch/x86/x86/odcm.c
cvs rdiff -u -r1.4 -r1.5 src/sys/arch/x86/x86/procfs_machdep.c
cvs rdiff -u -r1.7 -r1.8 src/sys/arch/xen/xen/pciback.c
cvs rdiff -u -r1.11 -r1.12 src/sys/arch/xen/xenbus/xenbus_client.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/dreamcast/dev/maple/maple.c
diff -u src/sys/arch/dreamcast/dev/maple/maple.c:1.49 src/sys/arch/dreamcast/dev/maple/maple.c:1.50
--- src/sys/arch/dreamcast/dev/maple/maple.c:1.49 Wed Mar 26 12:08:45 2014
+++ src/sys/arch/dreamcast/dev/maple/maple.c Thu Mar 27 14:22:56 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: maple.c,v 1.49 2014/03/26 16:08:45 christos Exp $ */
+/* $NetBSD: maple.c,v 1.50 2014/03/27 18:22:56 christos Exp $ */
/*-
* Copyright (c) 2002 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: maple.c,v 1.49 2014/03/26 16:08:45 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: maple.c,v 1.50 2014/03/27 18:22:56 christos Exp $");
#include <sys/param.h>
#include <sys/device.h>
@@ -353,7 +353,9 @@ maple_run_polling(device_t dev)
static char *
maple_unit_name(char *buf, size_t len, int port, int subunit)
{
- int l = snprintf(buf, len, "maple%c", port + 'A');
+ size_t l = snprintf(buf, len, "maple%c", port + 'A');
+ if (l > len)
+ l = len;
if (subunit)
snprintf(buf + l, len - l, "%d", subunit);
Index: src/sys/arch/ia64/disasm/disasm_format.c
diff -u src/sys/arch/ia64/disasm/disasm_format.c:1.2 src/sys/arch/ia64/disasm/disasm_format.c:1.3
--- src/sys/arch/ia64/disasm/disasm_format.c:1.2 Tue Mar 25 14:35:32 2014
+++ src/sys/arch/ia64/disasm/disasm_format.c Thu Mar 27 14:22:56 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: disasm_format.c,v 1.2 2014/03/25 18:35:32 christos Exp $ */
+/* $NetBSD: disasm_format.c,v 1.3 2014/03/27 18:22:56 christos Exp $ */
/*-
* Copyright (c) 2000-2003 Marcel Moolenaar
@@ -277,6 +277,8 @@ asm_operand(const struct asm_oper *o, ch
}
if (n[0] != '\0') {
l = snprintf(buf, buflen, "%s[", n);
+ if (l > buflen)
+ l = buflen;
buf += l;
buflen -= l;
}
@@ -284,7 +286,11 @@ asm_operand(const struct asm_oper *o, ch
case 1: l = strlcpy(buf, "gp", buflen); break;
case 12: l = strlcpy(buf, "sp", buflen); break;
case 13: l = strlcpy(buf, "tp", buflen); break;
- default: l += snprintf(buf, buflen, "r%d", (int)o->o_value); break;
+ default:
+ l += snprintf(buf, buflen, "r%d", (int)o->o_value);
+ if (l > buflen)
+ l = buflen;
+ break;
}
buf += l;
buflen -= l;
Index: src/sys/arch/ia64/stand/efi/libefi/devicename.c
diff -u src/sys/arch/ia64/stand/efi/libefi/devicename.c:1.6 src/sys/arch/ia64/stand/efi/libefi/devicename.c:1.7
--- src/sys/arch/ia64/stand/efi/libefi/devicename.c:1.6 Tue Mar 25 14:35:33 2014
+++ src/sys/arch/ia64/stand/efi/libefi/devicename.c Thu Mar 27 14:22:56 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: devicename.c,v 1.6 2014/03/25 18:35:33 christos Exp $ */
+/* $NetBSD: devicename.c,v 1.7 2014/03/27 18:22:56 christos Exp $ */
/*-
* Copyright (c) 1998 Michael Smith <msm...@freebsd.org>
@@ -208,7 +208,7 @@ efi_fmtdev(void *vdev)
{
struct efi_devdesc *dev = (struct efi_devdesc *)vdev;
static char buf[128]; /* XXX device length constant? */
- size_t len;
+ size_t len, buflen = sizeof(buf);
switch(dev->d_type) {
case DEVT_NONE:
@@ -216,16 +216,24 @@ efi_fmtdev(void *vdev)
break;
case DEVT_DISK:
- len = snprintf(buf, sizeof(buf), "%s%d", dev->d_dev->dv_name, dev->d_kind.efidisk.unit);
- if (dev->d_kind.efidisk.slice > 0)
- len += snprintf(buf + len, sizeof(buf) - len, "s%d", dev->d_kind.efidisk.slice);
- if (dev->d_kind.efidisk.partition >= 0)
- len += snprintf(buf + len, sizeof(buf) - len, "%c", dev->d_kind.efidisk.partition + 'a');
+ len = snprintf(buf, buflen, "%s%d", dev->d_dev->dv_name, dev->d_kind.efidisk.unit);
+ if (len > buflen)
+ len = buflen;
+ if (dev->d_kind.efidisk.slice > 0) {
+ len += snprintf(buf + len, buflen - len, "s%d", dev->d_kind.efidisk.slice);
+ if (len > buflen)
+ len = buflen;
+ }
+ if (dev->d_kind.efidisk.partition >= 0) {
+ len += snprintf(buf + len, buflen - len, "%c", dev->d_kind.efidisk.partition + 'a');
+ if (len > buflen)
+ }
+ len = buflen;
strlcat(buf, ":", sizeof(buf) - len);
break;
case DEVT_NET:
- snprintf(buf, sizeof(buf), "%s%d:", dev->d_dev->dv_name, dev->d_kind.netif.unit);
+ snprintf(buf, buflen, "%s%d:", dev->d_dev->dv_name, dev->d_kind.netif.unit);
break;
}
return(buf);
Index: src/sys/arch/ia64/stand/ia64/ski/devicename.c
diff -u src/sys/arch/ia64/stand/ia64/ski/devicename.c:1.5 src/sys/arch/ia64/stand/ia64/ski/devicename.c:1.6
--- src/sys/arch/ia64/stand/ia64/ski/devicename.c:1.5 Tue Mar 25 14:35:33 2014
+++ src/sys/arch/ia64/stand/ia64/ski/devicename.c Thu Mar 27 14:22:56 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: devicename.c,v 1.5 2014/03/25 18:35:33 christos Exp $ */
+/* $NetBSD: devicename.c,v 1.6 2014/03/27 18:22:56 christos Exp $ */
/*-
* Copyright (c) 1998 Michael Smith <msm...@freebsd.org>
@@ -203,24 +203,32 @@ ski_fmtdev(void *vdev)
{
struct ski_devdesc *dev = (struct ski_devdesc *)vdev;
static char buf[128]; /* XXX device length constant? */
- size_t len;
+ size_t len, buflen = sizeof(buf);
switch(dev->d_type) {
case DEVT_NONE:
- strcpy(buf, "(no device)");
+ strlcpy(buf, "(no device)", buflen);
break;
case DEVT_DISK:
- len = snprintf(buf, sizeof(buf), "%s%d", dev->d_dev->dv_name, dev->d_kind.skidisk.unit);
- if (dev->d_kind.skidisk.slice > 0)
- len = snprintf(buf, sizeof(buf) - len, "s%d", dev->d_kind.skidisk.slice);
- if (dev->d_kind.skidisk.partition >= 0)
- len = snprintf(buf, sizeof(buf) - len, "%c", dev->d_kind.skidisk.partition + 'a');
- strlcat(cp, ":", sizeof(buf) - len);
+ len = snprintf(buf, buflen, "%s%d", dev->d_dev->dv_name, dev->d_kind.skidisk.unit);
+ if (len > buflen)
+ len = buflen;
+ if (dev->d_kind.skidisk.slice > 0) {
+ len += snprintf(buf + len, buflen - len, "s%d", dev->d_kind.skidisk.slice);
+ if (len > buflen)
+ len = buflen;
+ }
+ if (dev->d_kind.skidisk.partition >= 0) {
+ len += snprintf(buf + len, buflen - len, "%c", dev->d_kind.skidisk.partition + 'a');
+ if (len > buflen)
+ len = buflen;
+ }
+ strlcat(cp, ":", buflen - len);
break;
case DEVT_NET:
- snprintf(buf, sizeof(buf) - len, "%s%d:", dev->d_dev->dv_name, dev->d_kind.netif.unit);
+ snprintf(buf, buflen - len, "%s%d:", dev->d_dev->dv_name, dev->d_kind.netif.unit);
break;
}
return(buf);
Index: src/sys/arch/next68k/dev/esp.c
diff -u src/sys/arch/next68k/dev/esp.c:1.61 src/sys/arch/next68k/dev/esp.c:1.62
--- src/sys/arch/next68k/dev/esp.c:1.61 Tue Mar 25 15:41:32 2014
+++ src/sys/arch/next68k/dev/esp.c Thu Mar 27 14:22:56 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: esp.c,v 1.61 2014/03/25 19:41:32 christos Exp $ */
+/* $NetBSD: esp.c,v 1.62 2014/03/27 18:22:56 christos Exp $ */
/*-
* Copyright (c) 1997, 1998 The NetBSD Foundation, Inc.
@@ -75,7 +75,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: esp.c,v 1.61 2014/03/25 19:41:32 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: esp.c,v 1.62 2014/03/27 18:22:56 christos Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -1155,8 +1155,12 @@ esp_dma_store(struct ncr53c9x_softc *sc)
l += snprintf(p + l, len - l, "%s: sc_datain=%d\n",
device_xname(sc->sc_dev), esc->sc_datain);
+ if (l > len)
+ return;
l += snprintf(p + l, len - l, "%s: sc_loaded=0x%08x\n",
device_xname(sc->sc_dev), esc->sc_loaded);
+ if (l > len)
+ return;
if (esc->sc_dmaaddr) {
l += snprintf(p + l, len - l, "%s: sc_dmaaddr=%p\n",
@@ -1165,6 +1169,8 @@ esp_dma_store(struct ncr53c9x_softc *sc)
l += snprintf(p + l, len - l, "%s: sc_dmaaddr=NULL\n",
device_xname(sc->sc_dev));
}
+ if (l > len)
+ return;
if (esc->sc_dmalen) {
l += snprintf(p + l, len - l, "%s: sc_dmalen=0x%08x\n",
device_xname(sc->sc_dev), *esc->sc_dmalen);
@@ -1172,19 +1178,29 @@ esp_dma_store(struct ncr53c9x_softc *sc)
l += snprintf(p + l, len - l, "%s: sc_dmalen=NULL\n",
device_xname(sc->sc_dev));
}
+ if (l > len)
+ return;
l += snprintf(p + l, len - l, "%s: sc_dmasize=0x%08x\n",
device_xname(sc->sc_dev), esc->sc_dmasize);
+ if (l > len)
+ return;
l += snprintf(p + l, len - l, "%s: sc_begin = %p, sc_begin_size = 0x%08x\n",
+ if (l > len)
+ return;
device_xname(sc->sc_dev), esc->sc_begin, esc->sc_begin_size);
l += snprintf(p + l, len - l, "%s: sc_main = %p, sc_main_size = 0x%08x\n",
device_xname(sc->sc_dev), esc->sc_main, esc->sc_main_size);
+ if (l > len)
+ return;
/* if (esc->sc_main) */ {
int i;
bus_dmamap_t map = esc->sc_main_dmamap;
l += snprintf(p + l, len - l, "%s: sc_main_dmamap."
" mapsize = 0x%08lx, nsegs = %d\n",
device_xname(sc->sc_dev), map->dm_mapsize, map->dm_nsegs);
+ if (l > len)
+ return;
for(i = 0; i < map->dm_nsegs; i++) {
l += snprintf(p + l, len - l, "%s:"
" map->dm_segs[%d].ds_addr = 0x%08lx,"
@@ -1192,16 +1208,22 @@ esp_dma_store(struct ncr53c9x_softc *sc)
device_xname(sc->sc_dev),
i, map->dm_segs[i].ds_addr,
map->dm_segs[i].ds_len);
+ if (l > len)
+ return;
}
}
l += snprintf(p + l, len - l, "%s: sc_tail = %p, sc_tail_size = 0x%08x\n",
device_xname(sc->sc_dev), esc->sc_tail, esc->sc_tail_size);
+ if (l > len)
+ return;
/* if (esc->sc_tail) */ {
int i;
bus_dmamap_t map = esc->sc_tail_dmamap;
l += snprintf(p + l, len - l, "%s: sc_tail_dmamap."
" mapsize = 0x%08lx, nsegs = %d\n",
device_xname(sc->sc_dev), map->dm_mapsize, map->dm_nsegs);
+ if (l > len)
+ return;
for (i = 0; i < map->dm_nsegs; i++) {
l += snprintf(p + l, len - l, "%s:"
" map->dm_segs[%d].ds_addr = 0x%08lx,"
@@ -1209,6 +1231,8 @@ esp_dma_store(struct ncr53c9x_softc *sc)
device_xname(sc->sc_dev),
i, map->dm_segs[i].ds_addr,
map->dm_segs[i].ds_len);
+ if (l > len)
+ return;
}
}
}
Index: src/sys/arch/prep/prep/autoconf.c
diff -u src/sys/arch/prep/prep/autoconf.c:1.26 src/sys/arch/prep/prep/autoconf.c:1.27
--- src/sys/arch/prep/prep/autoconf.c:1.26 Fri Jun 28 10:42:31 2013
+++ src/sys/arch/prep/prep/autoconf.c Thu Mar 27 14:22:56 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: autoconf.c,v 1.26 2013/06/28 14:42:31 christos Exp $ */
+/* $NetBSD: autoconf.c,v 1.27 2014/03/27 18:22:56 christos Exp $ */
/*-
* Copyright (c) 2006 The NetBSD Foundation, Inc.
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: autoconf.c,v 1.26 2013/06/28 14:42:31 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: autoconf.c,v 1.27 2014/03/27 18:22:56 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -167,11 +167,15 @@ device_register(device_t dev, void *aux)
n = snprintf(devpath, sizeof(devpath), "%s@",
pna->pna_devid);
io = SIMPLEQ_FIRST(&pna->pna_res.io);
+ if (n > sizeof(devpath))
+ n = sizeof(devpath);
if (io != NULL)
n += snprintf(devpath + n, sizeof(devpath) - n, "%x",
io->minbase);
}
+ if (n > sizeof(devpath))
+ n = sizeof(devpath);
/* we can't trust the device tag on the ethernet, because
* the spec lies about how it is formed. Therefore we will leave it
* blank, and trim the end off any ethernet stuff. */
@@ -190,8 +194,12 @@ device_register(device_t dev, void *aux)
struct scsipibus_attach_args *sa = aux;
/* periph_target is target for scsi, drive # for atapi */
+ if (n > sizeof(devpath))
+ n = sizeof(devpath);
n += snprintf(devpath + n, sizeof(devpath) - n, "%d",
sa->sa_periph->periph_target);
+ if (n > sizeof(devpath))
+ n = sizeof(devpath);
if (device_is_a(parent, "scsibus"))
n += snprintf(devpath + n, sizeof(devpath) - n, ",%d",
sa->sa_periph->periph_lun);
@@ -199,9 +207,13 @@ device_register(device_t dev, void *aux)
device_is_a(parent, "pciide")) {
struct ata_device *adev = aux;
+ if (n > sizeof(devpath))
+ n = sizeof(devpath);
n += snprintf(devpath + n, sizeof(devpath) - n, "%d",
adev->adev_drv_data->drive);
} else if (device_is_a(dev, "fd")) {
+ if (n > sizeof(devpath))
+ n = sizeof(devpath);
/* XXX device_unit() abuse */
n += snprintf(devpath + n, sizeof(devpath) - n, "%d",
device_unit(dev));
Index: src/sys/arch/prep/prep/residual.c
diff -u src/sys/arch/prep/prep/residual.c:1.17 src/sys/arch/prep/prep/residual.c:1.18
--- src/sys/arch/prep/prep/residual.c:1.17 Wed Mar 26 12:01:43 2014
+++ src/sys/arch/prep/prep/residual.c Thu Mar 27 14:22:56 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: residual.c,v 1.17 2014/03/26 16:01:43 christos Exp $ */
+/* $NetBSD: residual.c,v 1.18 2014/03/27 18:22:56 christos Exp $ */
/*-
* Copyright (c) 2002 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: residual.c,v 1.17 2014/03/26 16:01:43 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: residual.c,v 1.18 2014/03/27 18:22:56 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -965,6 +965,8 @@ large_vendor_pcibridge_subr(struct _L4_P
l += snprintf(tmpstr + l, sizeof(tmpstr) - l,
"%s%d(%c)", l == 0 ? "/" : "",
line & 0x7fff, line & 0x8000 ? 'E' : 'L');
+ if (l > sizeof(tmpstr))
+ break;
}
}
printf("%s\n", tmpstr);
Index: src/sys/arch/sparc/sparc/cpu.c
diff -u src/sys/arch/sparc/sparc/cpu.c:1.242 src/sys/arch/sparc/sparc/cpu.c:1.243
--- src/sys/arch/sparc/sparc/cpu.c:1.242 Wed Mar 26 11:55:43 2014
+++ src/sys/arch/sparc/sparc/cpu.c Thu Mar 27 14:22:56 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: cpu.c,v 1.242 2014/03/26 15:55:43 christos Exp $ */
+/* $NetBSD: cpu.c,v 1.243 2014/03/27 18:22:56 christos Exp $ */
/*
* Copyright (c) 1996
@@ -52,7 +52,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: cpu.c,v 1.242 2014/03/26 15:55:43 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: cpu.c,v 1.243 2014/03/27 18:22:56 christos Exp $");
#include "opt_multiprocessor.h"
#include "opt_lockdebug.h"
@@ -744,6 +744,8 @@ xcall(xcall_func_t func, xcall_trap_t tr
"xcall(cpu%d,%p) from %p: couldn't ping cpus:",
cpu_number(), fasttrap ? trap : func,
__builtin_return_address(0));
+ if (wrsz > bufsz)
+ break;
bufsz -= wrsz;
bufp += wrsz;
}
@@ -757,11 +759,10 @@ xcall(xcall_func_t func, xcall_trap_t tr
if (i < 0) {
wrsz = snprintf(bufp, bufsz,
" cpu%d", cpi->ci_cpuid);
+ if (wrsz > bufsz)
+ break;
bufsz -= wrsz;
bufp += wrsz;
- /* insanity */
- if (bufsz < 0)
- break;
} else {
done = 0;
break;
Index: src/sys/arch/x86/acpi/acpi_cpu_md.c
diff -u src/sys/arch/x86/acpi/acpi_cpu_md.c:1.75 src/sys/arch/x86/acpi/acpi_cpu_md.c:1.76
--- src/sys/arch/x86/acpi/acpi_cpu_md.c:1.75 Tue Dec 10 21:14:08 2013
+++ src/sys/arch/x86/acpi/acpi_cpu_md.c Thu Mar 27 14:22:56 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: acpi_cpu_md.c,v 1.75 2013/12/11 02:14:08 msaitoh Exp $ */
+/* $NetBSD: acpi_cpu_md.c,v 1.76 2014/03/27 18:22:56 christos Exp $ */
/*-
* Copyright (c) 2010, 2011 Jukka Ruohonen <jruoho...@iki.fi>
@@ -27,7 +27,7 @@
* SUCH DAMAGE.
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: acpi_cpu_md.c,v 1.75 2013/12/11 02:14:08 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: acpi_cpu_md.c,v 1.76 2014/03/27 18:22:56 christos Exp $");
#include <sys/param.h>
#include <sys/bus.h>
@@ -1153,6 +1153,8 @@ acpicpu_md_pstate_sysctl_all(SYSCTLFN_AR
len += snprintf(buf + len, sizeof(buf) - len, "%u%s",
sc->sc_pstate[i].ps_freq,
i < (sc->sc_pstate_count - 1) ? " " : "");
+ if (len > sizeof(buf))
+ break;
}
mutex_exit(&sc->sc_mtx);
Index: src/sys/arch/x86/x86/est.c
diff -u src/sys/arch/x86/x86/est.c:1.28 src/sys/arch/x86/x86/est.c:1.29
--- src/sys/arch/x86/x86/est.c:1.28 Fri Nov 15 03:47:55 2013
+++ src/sys/arch/x86/x86/est.c Thu Mar 27 14:22:56 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: est.c,v 1.28 2013/11/15 08:47:55 msaitoh Exp $ */
+/* $NetBSD: est.c,v 1.29 2014/03/27 18:22:56 christos Exp $ */
/*
* Copyright (c) 2003 Michael Eriksson.
* All rights reserved.
@@ -76,7 +76,7 @@
* http://www.codemonkey.org.uk/projects/cpufreq/cpufreq-2.4.22-pre6-1.gz
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: est.c,v 1.28 2013/11/15 08:47:55 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: est.c,v 1.29 2014/03/27 18:22:56 christos Exp $");
#include <sys/param.h>
#include <sys/device.h>
@@ -1276,6 +1276,8 @@ est_tables(device_t self)
len += snprintf(sc->sc_freqs + len, sc->sc_freqs_len - len,
"%d%s", MSR2MHZ(sc->sc_fqlist->table[i], sc->sc_bus_clock),
i < sc->sc_fqlist->n - 1 ? " " : "");
+ if (len > sc->sc_freqs_len)
+ break;
}
aprint_debug_dev(self, "%d mV, %d (MHz): %s\n", mv,
Index: src/sys/arch/x86/x86/odcm.c
diff -u src/sys/arch/x86/x86/odcm.c:1.3 src/sys/arch/x86/x86/odcm.c:1.4
--- src/sys/arch/x86/x86/odcm.c:1.3 Fri Nov 15 03:47:55 2013
+++ src/sys/arch/x86/x86/odcm.c Thu Mar 27 14:22:56 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: odcm.c,v 1.3 2013/11/15 08:47:55 msaitoh Exp $ */
+/* $NetBSD: odcm.c,v 1.4 2014/03/27 18:22:56 christos Exp $ */
/* $OpenBSD: p4tcc.c,v 1.13 2006/12/20 17:50:40 gwk Exp $ */
/*
@@ -40,7 +40,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: odcm.c,v 1.3 2013/11/15 08:47:55 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: odcm.c,v 1.4 2014/03/27 18:22:56 christos Exp $");
#include <sys/param.h>
#include <sys/device.h>
@@ -208,6 +208,8 @@ odcm_init(device_t self)
len += snprintf(sc->sc_names + len,
sc->sc_names_len - len, "%d%s", state[i].level,
i < __arraycount(state) ? " " : "");
+ if (len > sc->sc_names_len)
+ break;
}
/*
Index: src/sys/arch/x86/x86/procfs_machdep.c
diff -u src/sys/arch/x86/x86/procfs_machdep.c:1.4 src/sys/arch/x86/x86/procfs_machdep.c:1.5
--- src/sys/arch/x86/x86/procfs_machdep.c:1.4 Mon Mar 24 16:06:33 2014
+++ src/sys/arch/x86/x86/procfs_machdep.c Thu Mar 27 14:22:56 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: procfs_machdep.c,v 1.4 2014/03/24 20:06:33 christos Exp $ */
+/* $NetBSD: procfs_machdep.c,v 1.5 2014/03/27 18:22:56 christos Exp $ */
/*
* Copyright (c) 2001 Wasabi Systems, Inc.
@@ -42,7 +42,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: procfs_machdep.c,v 1.4 2014/03/24 20:06:33 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: procfs_machdep.c,v 1.5 2014/03/27 18:22:56 christos Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -151,10 +151,10 @@ procfs_getonecpu(int xcpu, struct cpu_in
for (i = 0; i < 32; i++) {
if ((ci->ci_feat_val[0] & (1 << i)) && x86_features[i]) {
l = snprintf(p, left, "%s ", x86_features[i]);
+ if (l > left)
+ return 0;
left -= l;
p += l;
- if (left <= 0)
- break;
}
}
@@ -174,20 +174,20 @@ procfs_getonecpu(int xcpu, struct cpu_in
cpu_brand_string
);
+ if (l > left)
+ return 0;
left -= l;
p += l;
- if (left <= 0)
- return 0;
if (cpuid_level >= 0)
l = snprintf(p, left, "%d\n", ci->ci_signature & 15);
else
l = snprintf(p, left, "unknown\n");
+ if (l > left)
+ return 0;
left -= l;
p += l;
- if (left <= 0)
- return 0;
if (ci->ci_data.cpu_cc_freq != 0) {
uint64_t freq, fraq;
@@ -199,10 +199,10 @@ procfs_getonecpu(int xcpu, struct cpu_in
} else
l = snprintf(p, left, "cpu MHz\t\t: unknown\n");
+ if (l > left)
+ return 0;
left -= l;
p += l;
- if (left <= 0)
- return 0;
l = snprintf(p, left,
"fdiv_bug\t: %s\n"
Index: src/sys/arch/xen/xen/pciback.c
diff -u src/sys/arch/xen/xen/pciback.c:1.7 src/sys/arch/xen/xen/pciback.c:1.8
--- src/sys/arch/xen/xen/pciback.c:1.7 Thu Feb 2 14:43:01 2012
+++ src/sys/arch/xen/xen/pciback.c Thu Mar 27 14:22:56 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: pciback.c,v 1.7 2012/02/02 19:43:01 tls Exp $ */
+/* $NetBSD: pciback.c,v 1.8 2014/03/27 18:22:56 christos Exp $ */
/*
* Copyright (c) 2009 Manuel Bouyer.
@@ -26,7 +26,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: pciback.c,v 1.7 2012/02/02 19:43:01 tls Exp $");
+__KERNEL_RCSID(0, "$NetBSD: pciback.c,v 1.8 2014/03/27 18:22:56 christos Exp $");
#include "opt_xen.h"
@@ -311,23 +311,31 @@ pciback_kernfs_read(void *v)
off = uio->uio_offset;
len = 0;
- len += snprintf(&buf[len], PCIBACK_KERNFS_SIZE - len,
+ len += snprintf(&buf[len], sizeof(buf) - len,
"vendor: 0x%04x\nproduct: 0x%04x\n",
PCI_VENDOR(sc->sc_id), PCI_PRODUCT(sc->sc_id));
- len += snprintf(&buf[len], PCIBACK_KERNFS_SIZE - len,
+ if (len > sizeof(buf))
+ return ENOSPC;
+ len += snprintf(&buf[len], sizeof(buf) - len,
"subsys_vendor: 0x%04x\nsubsys_product: 0x%04x\n",
PCI_VENDOR(sc->sc_subid), PCI_PRODUCT(sc->sc_subid));
+ if (len > sizeof(buf))
+ return ENOSPC;
for(i = 0; i < PCI_NBARS; i++) {
if (sc->sc_bars[i].b_valid) {
- len += snprintf(&buf[len], PCIBACK_KERNFS_SIZE - len,
+ len += snprintf(&buf[len], sizeof(buf) - len,
"%s: 0x%08jx - 0x%08jx\n",
(sc->sc_bars[i].b_type == PCI_MAPREG_TYPE_IO) ?
"I/O" : "mem",
(uintmax_t)sc->sc_bars[i].b_addr,
(uintmax_t)(sc->sc_bars[i].b_addr + sc->sc_bars[i].b_size));
+ if (len > sizeof(buf))
+ return ENOSPC;
}
}
- len += snprintf(&buf[len], PCIBACK_KERNFS_SIZE - len,
+ if (len > sizeof(buf))
+ return ENOSPC;
+ len += snprintf(&buf[len], sizeof(buf) - len,
"irq: %d\n", sc->sc_irq);
if (off >= len) {
error = uiomove(buf, 0, uio);
Index: src/sys/arch/xen/xenbus/xenbus_client.c
diff -u src/sys/arch/xen/xenbus/xenbus_client.c:1.11 src/sys/arch/xen/xenbus/xenbus_client.c:1.12
--- src/sys/arch/xen/xenbus/xenbus_client.c:1.11 Sun Jul 17 16:54:49 2011
+++ src/sys/arch/xen/xenbus/xenbus_client.c Thu Mar 27 14:22:56 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: xenbus_client.c,v 1.11 2011/07/17 20:54:49 joerg Exp $ */
+/* $NetBSD: xenbus_client.c,v 1.12 2014/03/27 18:22:56 christos Exp $ */
/******************************************************************************
* Client-facing interface for the Xenbus driver. In other words, the
* interface between the Xenbus and the device-specific code, be it the
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xenbus_client.c,v 1.11 2011/07/17 20:54:49 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xenbus_client.c,v 1.12 2014/03/27 18:22:56 christos Exp $");
#if 0
#define DPRINTK(fmt, args...) \
@@ -169,8 +169,8 @@ _dev_error(struct xenbus_device *dev, in
goto fail;
len = snprintf(printf_buffer, PRINTF_BUFFER_SIZE, "%i ", -err);
+ KASSERT(len < PRINTF_BUFFER_SIZE);
ret = vsnprintf(printf_buffer+len, PRINTF_BUFFER_SIZE-len, fmt, ap);
-
KASSERT(len + ret < PRINTF_BUFFER_SIZE);
dev->xbusd_has_error = 1;
