system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-07-22 18:56:38 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

ppp(8): fix code producing debugging logs

Browse source 
Fix several cases when long buffer is copied to shorter one
using snprintf that results in contents truncation and
clobbering unsaved errno value and creation of misleading logs.

PR:		218517
Approved by:	avg (mentor)
MFC after:	1 month
This commit is contained in:
Eugene Grosbein 2018-02-10 17:09:51 +00:00
parent dc9b494e2b
commit 6cd3353ba3
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=329105
6 changed files with 21 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
usr.sbin/ppp/defs.h
View file

@ -119,6 +119,8 @@
#define ROUNDUP(x) ((x) ? (1 + (((x) - 1) | (sizeof(long) - 1))) : sizeof(long))
#define NCP_ASCIIBUFFERSIZE 52
#ifdef __NetBSD__
extern void randinit(void);
#else

24
usr.sbin/ppp/iface.c
View file

@ -209,7 +209,7 @@ iface_addr_Zap(const char *name, struct iface_addr *addr, int s)
#endif
struct sockaddr_in *me4, *msk4, *peer4;
struct sockaddr_storage ssme, sspeer, ssmsk;
int res;
int res, saved_errno;
ncprange_getsa(&addr->ifa, &ssme, &ssmsk);
ncpaddr_getsa(&addr->peer, &sspeer);
@ -235,8 +235,9 @@ iface_addr_Zap(const char *name, struct iface_addr *addr, int s)
memcpy(peer4, &sspeer, sizeof *peer4);
res = ID0ioctl(s, SIOCDIFADDR, &ifra);
saved_errno = errno;
if (log_IsKept(LogDEBUG)) {
char buf[100];
char buf[NCP_ASCIIBUFFERSIZE];
snprintf(buf, sizeof buf, "%s", ncprange_ntoa(&addr->ifa));
log_Printf(LogWARN, "%s: DIFADDR %s -> %s returns %d\n",
@ -260,12 +261,13 @@ iface_addr_Zap(const char *name, struct iface_addr *addr, int s)
ifra6.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME;
res = ID0ioctl(s, SIOCDIFADDR_IN6, &ifra6);
saved_errno = errno;
break;
#endif
}
if (res == -1) {
char dst[40];
char dst[NCP_ASCIIBUFFERSIZE];
const char *end =
#ifndef NOINET6
ncprange_family(&addr->ifa) == AF_INET6 ? "_IN6" :
@ -274,11 +276,11 @@ iface_addr_Zap(const char *name, struct iface_addr *addr, int s)
if (ncpaddr_family(&addr->peer) == AF_UNSPEC)
log_Printf(LogWARN, "iface rm: ioctl(SIOCDIFADDR%s, %s): %s\n",
end, ncprange_ntoa(&addr->ifa), strerror(errno));
end, ncprange_ntoa(&addr->ifa), strerror(saved_errno));
else {
snprintf(dst, sizeof dst, "%s", ncpaddr_ntoa(&addr->peer));
log_Printf(LogWARN, "iface rm: ioctl(SIOCDIFADDR%s, %s -> %s): %s\n",
end, ncprange_ntoa(&addr->ifa), dst, strerror(errno));
end, ncprange_ntoa(&addr->ifa), dst, strerror(saved_errno));
}
}
@ -294,7 +296,7 @@ iface_addr_Add(const char *name, struct iface_addr *addr, int s)
#endif
struct sockaddr_in *me4, *msk4, *peer4;
struct sockaddr_storage ssme, sspeer, ssmsk;
int res;
int res, saved_errno;
ncprange_getsa(&addr->ifa, &ssme, &ssmsk);
ncpaddr_getsa(&addr->peer, &sspeer);
@ -320,8 +322,9 @@ iface_addr_Add(const char *name, struct iface_addr *addr, int s)
memcpy(peer4, &sspeer, sizeof *peer4);
res = ID0ioctl(s, SIOCAIFADDR, &ifra);
saved_errno = errno;
if (log_IsKept(LogDEBUG)) {
char buf[100];
char buf[NCP_ASCIIBUFFERSIZE];
snprintf(buf, sizeof buf, "%s", ncprange_ntoa(&addr->ifa));
log_Printf(LogWARN, "%s: AIFADDR %s -> %s returns %d\n",
@ -345,12 +348,13 @@ iface_addr_Add(const char *name, struct iface_addr *addr, int s)
ifra6.ifra_lifetime.ia6t_pltime = ND6_INFINITE_LIFETIME;
res = ID0ioctl(s, SIOCAIFADDR_IN6, &ifra6);
saved_errno = errno;
break;
#endif
}
if (res == -1) {
char dst[40];
char dst[NCP_ASCIIBUFFERSIZE];
const char *end =
#ifndef NOINET6
ncprange_family(&addr->ifa) == AF_INET6 ? "_IN6" :
@ -359,11 +363,11 @@ iface_addr_Add(const char *name, struct iface_addr *addr, int s)
if (ncpaddr_family(&addr->peer) == AF_UNSPEC)
log_Printf(LogWARN, "iface add: ioctl(SIOCAIFADDR%s, %s): %s\n",
end, ncprange_ntoa(&addr->ifa), strerror(errno));
end, ncprange_ntoa(&addr->ifa), strerror(saved_errno));
else {
snprintf(dst, sizeof dst, "%s", ncpaddr_ntoa(&addr->peer));
log_Printf(LogWARN, "iface add: ioctl(SIOCAIFADDR%s, %s -> %s): %s\n",
end, ncprange_ntoa(&addr->ifa), dst, strerror(errno));
end, ncprange_ntoa(&addr->ifa), dst, strerror(saved_errno));
}
}

2
usr.sbin/ppp/ip.c
View file

@ -226,7 +226,7 @@ FilterCheck(const unsigned char *packet,
int match; /* true if condition matched */
int mindata; /* minimum data size or zero */
const struct filterent *fp = filter->rule;
char dbuff[100], dstip[16];
char dbuff[100], dstip[NCP_ASCIIBUFFERSIZE];
struct ncpaddr srcaddr, dstaddr;
const char *payload; /* IP payload */
int datalen; /* IP datagram length */

4
usr.sbin/ppp/ipv6cp.c
View file

@ -467,7 +467,7 @@ ipv6cp_LayerUp(struct fsm *fp)
{
/* We're now up */
struct ipv6cp *ipv6cp = fsm2ipv6cp(fp);
char tbuff[40];
char tbuff[NCP_ASCIIBUFFERSIZE];
log_Printf(LogIPV6CP, "%s: LayerUp.\n", fp->link->name);
if (!ipv6cp_InterfaceUp(ipv6cp))
@ -524,7 +524,7 @@ ipv6cp_LayerDown(struct fsm *fp)
/* About to come down */
struct ipv6cp *ipv6cp = fsm2ipv6cp(fp);
static int recursing;
char addr[40];
char addr[NCP_ASCIIBUFFERSIZE];
if (!recursing++) {
snprintf(addr, sizeof addr, "%s", ncpaddr_ntoa(&ipv6cp->myaddr));

2
usr.sbin/ppp/ncpaddr.c
View file

@ -78,8 +78,6 @@
#define ncpaddr_ip6addr u.ip6addr
#endif
#define NCP_ASCIIBUFFERSIZE 52
static struct in_addr
bits2mask4(int bits)
{

4
usr.sbin/ppp/route.c
View file

@ -437,7 +437,7 @@ route_IfDelete(struct bundle *bundle, int all)
) &&
(all || (rtm->rtm_flags & RTF_GATEWAY))) {
if (log_IsKept(LogDEBUG)) {
char gwstr[41];
char gwstr[NCP_ASCIIBUFFERSIZE];
struct ncpaddr gw;
ncprange_setsa(&range, sa[RTAX_DST], sa[RTAX_NETMASK]);
ncpaddr_setsa(&gw, sa[RTAX_GATEWAY]);
@ -843,7 +843,7 @@ rt_Set(struct bundle *bundle, int cmd, const struct ncprange *dst,
}
if (log_IsKept(LogDEBUG)) {
char gwstr[40];
char gwstr[NCP_ASCIIBUFFERSIZE];
if (gw)
snprintf(gwstr, sizeof gwstr, "%s", ncpaddr_ntoa(gw));