Em qua, 21 de nov de 2018 às 08:23, Shawn Webb <shawn.w...@hardenedbsd.org> escreveu:
> On Tue, Nov 20, 2018 at 10:21:19PM +0000, Marcelo Araujo wrote: > > Author: araujo > > Date: Tue Nov 20 22:21:19 2018 > > New Revision: 340707 > > URL: https://svnweb.freebsd.org/changeset/base/340707 > > > > Log: > > Define AHCI_PORT_IDENT and increase by 1 the VTBLK_BLK_ID_BYTES > > to avoid buffer accessed out of bounds, also switch to snprintf(3). > > > > PR: 200859 > > Submitted by: Caglar <cag...@10ur.org> > > Obtained from: https://github.com/mist64/xhyve/pull/24 > > MFC after: 4 weeks > > Sponsored by: iXsystems Inc. > > > > Modified: > > head/usr.sbin/bhyve/pci_ahci.c > > head/usr.sbin/bhyve/pci_virtio_block.c > > > > Modified: head/usr.sbin/bhyve/pci_ahci.c > > > ============================================================================== > > --- head/usr.sbin/bhyve/pci_ahci.c Tue Nov 20 22:12:10 2018 > (r340706) > > +++ head/usr.sbin/bhyve/pci_ahci.c Tue Nov 20 22:21:19 2018 > (r340707) > > @@ -105,7 +105,7 @@ enum sata_fis_type { > > * ATA commands > > */ > > #define ATA_SF_ENAB_SATA_SF 0x10 > > -#define ATA_SATA_SF_AN 0x05 > > +#define ATA_SATA_SF_AN 0x05 > > #define ATA_SF_DIS_SATA_SF 0x90 > > > > /* > > @@ -119,6 +119,8 @@ static FILE *dbg; > > #endif > > #define WPRINTF(format, arg...) printf(format, ##arg) > > > > +#define AHCI_PORT_IDENT 20 + 1 > > + > > struct ahci_ioreq { > > struct blockif_req io_req; > > struct ahci_port *io_pr; > > @@ -136,7 +138,7 @@ struct ahci_port { > > struct pci_ahci_softc *pr_sc; > > uint8_t *cmd_lst; > > uint8_t *rfis; > > - char ident[20 + 1]; > > + char ident[AHCI_PORT_IDENT]; > > int port; > > int atapi; > > int reset; > > @@ -2374,7 +2376,8 @@ pci_ahci_init(struct vmctx *ctx, struct > pci_devinst *p > > MD5Init(&mdctx); > > MD5Update(&mdctx, opts, strlen(opts)); > > MD5Final(digest, &mdctx); > > - sprintf(sc->port[p].ident, > "BHYVE-%02X%02X-%02X%02X-%02X%02X", > > + snprintf(sc->port[p].ident, AHCI_PORT_IDENT, > > + "BHYVE-%02X%02X-%02X%02X-%02X%02X", > > digest[0], digest[1], digest[2], digest[3], digest[4], > > digest[5]); > > > > > > Modified: head/usr.sbin/bhyve/pci_virtio_block.c > > > ============================================================================== > > --- head/usr.sbin/bhyve/pci_virtio_block.c Tue Nov 20 22:12:10 2018 > (r340706) > > +++ head/usr.sbin/bhyve/pci_virtio_block.c Tue Nov 20 22:21:19 2018 > (r340707) > > @@ -61,7 +61,7 @@ __FBSDID("$FreeBSD$"); > > #define VTBLK_S_IOERR 1 > > #define VTBLK_S_UNSUPP 2 > > > > -#define VTBLK_BLK_ID_BYTES 20 > > +#define VTBLK_BLK_ID_BYTES 20 + 1 > > > > /* Capability bits */ > > #define VTBLK_F_SEG_MAX (1 << 2) /* Maximum request > segments */ > > @@ -344,7 +344,8 @@ pci_vtblk_init(struct vmctx *ctx, struct pci_devinst > * > > MD5Init(&mdctx); > > MD5Update(&mdctx, opts, strlen(opts)); > > MD5Final(digest, &mdctx); > > - sprintf(sc->vbsc_ident, "BHYVE-%02X%02X-%02X%02X-%02X%02X", > > + snprintf(sc->vbsc_ident, VTBLK_BLK_ID_BYTES, > > + "BHYVE-%02X%02X-%02X%02X-%02X%02X", > > digest[0], digest[1], digest[2], digest[3], digest[4], > digest[5]); > > > > /* setup virtio block config space */ > > Hey Marcelo, > > Thanks for committing this. Could VTBLK_BLK_ID_BYTES and > AHCI_PORT_IDENT be merged into the same macro, defined in > usr.sbin/bhyve/pci_emul.h? Especially since both equate to the same > value. > The macro could be merged, but it is safer to have it in this way, in case something changes specifically for one of the drivers. I don't think pci_emul.h would be the right place for that, this file is in charge of PCI emulation functions and it is pretty much generic among the other drivers. Best. > > Thanks, > > -- > Shawn Webb > Cofounder and Security Engineer > HardenedBSD > > Tor-ified Signal: +1 443-546-8752 > Tor+XMPP+OTR: latt...@is.a.hacker.sx > GPG Key ID: 0x6A84658F52456EEE > GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE > -- -- Marcelo Araujo (__)ara...@freebsd.org \\\'',)http://www.FreeBSD.org <http://www.freebsd.org/> \/ \ ^ Power To Server. .\. /_) _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"