Author: adrian
Date: Thu Mar 19 03:58:25 2015
New Revision: 280239
URL: https://svnweb.freebsd.org/changeset/base/280239
Log:
Fix the label search routine in geom_map to not trip up on '\0' bytes.
* Just do the buf check early and fail out
* If the offset being searched is:
00110000 00 b5 7e 45 61 e2 76 d3 c1 78 dd 15 95 cd 1f f1 |..~Ea.v..x......|
.. and the match string is '.!/bin/sh'
.. then it'll set the match string[0] to '\0', do a strncmp() against
the read buffer, find it's matching two zero-length strings, and think
that's where to start.
MFC after: 2 weeks
Modified:
head/sys/geom/geom_map.c
Modified: head/sys/geom/geom_map.c
==============================================================================
--- head/sys/geom/geom_map.c Thu Mar 19 01:40:43 2015 (r280238)
+++ head/sys/geom/geom_map.c Thu Mar 19 03:58:25 2015 (r280239)
@@ -171,6 +171,13 @@ find_marker(struct g_consumer *cp, const
roundup(strlen(search_key), sectorsize), NULL);
g_topology_lock();
+ /*
+ * Don't bother doing the rest if buf==NULL; eg derefencing
+ * to assemble 'key'.
+ */
+ if (buf == NULL)
+ continue;
+
/* Wildcard, replace '.' with byte from data */
/* TODO: add support wildcard escape '\.' */
@@ -183,7 +190,8 @@ find_marker(struct g_consumer *cp, const
}
}
- if (buf != NULL && strncmp(buf + search_offset % sectorsize,
+ /* Assume buf != NULL here */
+ if (memcmp(buf + search_offset % sectorsize,
key, strlen(search_key)) == 0) {
g_free(buf);
/* Marker found, so return their offset */
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
