svn commit: r278534 - in stable: 10/sys/netinet 9/sys/netinet

Tue, 10 Feb 2015 13:42:39 -0800 

Author: jhb
Date: Tue Feb 10 21:41:56 2015
New Revision: 278534
URL: https://svnweb.freebsd.org/changeset/base/278534

Log:
  MFC 277709:
  Use an sbuf to generate the output of the net.inet.tcp.hostcache.list
  sysctl to avoid a possible buffer overflow if the cache grows while the
  text is being generated.
  
  PR:           172675

Modified:
  stable/10/sys/netinet/tcp_hostcache.c
Directory Properties:
  stable/10/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/9/sys/netinet/tcp_hostcache.c
Directory Properties:
  stable/9/sys/   (props changed)

Modified: stable/10/sys/netinet/tcp_hostcache.c
==============================================================================
--- stable/10/sys/netinet/tcp_hostcache.c       Tue Feb 10 21:40:31 2015        
(r278533)
+++ stable/10/sys/netinet/tcp_hostcache.c       Tue Feb 10 21:41:56 2015        
(r278534)
@@ -73,6 +73,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/lock.h>
 #include <sys/mutex.h>
 #include <sys/malloc.h>
+#include <sys/sbuf.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/sysctl.h>
@@ -592,30 +593,27 @@ tcp_hc_update(struct in_conninfo *inc, s
 static int
 sysctl_tcp_hc_list(SYSCTL_HANDLER_ARGS)
 {
-       int bufsize;
        int linesize = 128;
-       char *p, *buf;
-       int len, i, error;
+       struct sbuf sb;
+       int i, error;
        struct hc_metrics *hc_entry;
 #ifdef INET6
        char ip6buf[INET6_ADDRSTRLEN];
 #endif
 
-       bufsize = linesize * (V_tcp_hostcache.cache_count + 1);
+       sbuf_new(&sb, NULL, linesize * (V_tcp_hostcache.cache_count + 1),
+           SBUF_FIXEDLEN);
 
-       p = buf = (char *)malloc(bufsize, M_TEMP, M_WAITOK|M_ZERO);
-
-       len = snprintf(p, linesize,
-               "\nIP address        MTU  SSTRESH      RTT   RTTVAR BANDWIDTH "
+       sbuf_printf(&sb,
+               "\nIP address        MTU  SSTRESH      RTT   RTTVAR BANDWIDTH "
                "    CWND SENDPIPE RECVPIPE HITS  UPD  EXP\n");
-       p += len;
 
 #define msec(u) (((u) + 500) / 1000)
        for (i = 0; i < V_tcp_hostcache.hashsize; i++) {
                THC_LOCK(&V_tcp_hostcache.hashbase[i].hch_mtx);
                TAILQ_FOREACH(hc_entry, &V_tcp_hostcache.hashbase[i].hch_bucket,
                              rmx_q) {
-                       len = snprintf(p, linesize,
+                       sbuf_printf(&sb,
                            "%-15s %5lu %8lu %6lums %6lums %9lu %8lu %8lu %8lu "
                            "%4lu %4lu %4i\n",
                            hc_entry->ip4.s_addr ? inet_ntoa(hc_entry->ip4) :
@@ -637,13 +635,13 @@ sysctl_tcp_hc_list(SYSCTL_HANDLER_ARGS)
                            hc_entry->rmx_hits,
                            hc_entry->rmx_updates,
                            hc_entry->rmx_expire);
-                       p += len;
                }
                THC_UNLOCK(&V_tcp_hostcache.hashbase[i].hch_mtx);
        }
 #undef msec
-       error = SYSCTL_OUT(req, buf, p - buf);
-       free(buf, M_TEMP);
+       sbuf_finish(&sb);
+       error = SYSCTL_OUT(req, sbuf_data(&sb), sbuf_len(&sb));
+       sbuf_delete(&sb);
        return(error);
 }
 
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to