Author: cem
Date: Thu Oct  6 05:16:44 2016
New Revision: 306752
URL: https://svnweb.freebsd.org/changeset/base/306752

Log:
  savecore(8): Fix buffer overrun inspecting disks with varying sector size
  
  A premature optimization led to caching a native-sector sized memory
  allocation.  If the program examined a 512 byte sector disk, then a 4096
  byte sector disk, the program would overrun the cached 512 byte buffer.
  
  Just remove the optimization to fix the bug.  This was introduced with the 4Kn
  dump support in r298076.
  
  Reported by:  markj
  Reviewed by:  markj, rpokala
  Sponsored by: Dell EMC Isilon
  Differential Revision:        https://reviews.freebsd.org/D8162

Modified:
  head/sbin/savecore/savecore.c

Modified: head/sbin/savecore/savecore.c
==============================================================================
--- head/sbin/savecore/savecore.c       Thu Oct  6 03:32:30 2016        
(r306751)
+++ head/sbin/savecore/savecore.c       Thu Oct  6 05:16:44 2016        
(r306752)
@@ -436,7 +436,8 @@ DoFile(const char *savedir, const char *
 {
        xo_handle_t *xostdout, *xoinfo;
        static char infoname[PATH_MAX], corename[PATH_MAX], linkname[PATH_MAX];
-       static char *buf = NULL, *temp = NULL;
+       static char *buf = NULL;
+       char *temp = NULL;
        struct kerneldumpheader kdhf, kdhl;
        off_t mediasize, dumpsize, firsthd, lasthd;
        FILE *info, *fp;
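Review bot: `static char *buf = NULL;` stays cached across calls while `temp` becomes a per-call local, and the hunk does not show how `buf` is sized. If its allocation depends on `sectorsize` or any other per-device value, it has the same overrun this commit fixes for `temp` when a later call examines a disk with a larger sector size. If it is a fixed-size copy buffer, a short comment on the declaration would record why caching it is safe, for example `/* fixed-size copy buffer, independent of sectorsize; safe to reuse across calls */`. The body of DoFile continues outside this hunk, so the allocation site of `buf` should be checked there.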
@@ -498,12 +499,10 @@ DoFile(const char *savedir, const char *
        }
 
        lasthd = mediasize - sectorsize;
+       temp = malloc(sectorsize);
        if (temp == NULL) {
-               temp = malloc(sectorsize);
-               if (temp == NULL) {
-                       syslog(LOG_ERR, "%m");
-                       goto closefd;
-               }
+               syslog(LOG_ERR, "%m");
+               goto closefd;
        }
        if (lseek(fd, lasthd, SEEK_SET) != lasthd ||
            read(fd, temp, sectorsize) != (ssize_t)sectorsize) {
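Review bot: With `temp = malloc(sectorsize);` now run on every call, each exit from DoFile after this line has to release the buffer. The later hunks add `free(temp)` before the `return` that precedes `closeall:` and at `closefd:`, and the `char *temp = NULL` initialiser keeps the `closefd` free safe for jumps taken before the allocation. Any other `return` in the part of DoFile outside these hunks would leak one sector-sized buffer per device examined, so that is worth confirming. Separately, `syslog(LOG_ERR, "%m");` logs only the errno text; `syslog(LOG_ERR, "malloc(sectorsize): %m");` would make the failure attributable in the log.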
@@ -749,6 +748,7 @@ nuke:
        }
        xo_close_container_h(xostdout, "crashdump");
        xo_finish_h(xostdout);
+       free(temp);
        close(fd);
        return;
 
@@ -756,6 +756,7 @@ closeall:
        fclose(fp);
 
 closefd:
+       free(temp);
        close(fd);
 }
 