git: e5c30ac93055 - main - vmstat: fix overflow of interrupt name buffer
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 20 Jan 2023 02:53:05 UTC
The branch main has been updated by kib:
URL: https://cgit.FreeBSD.org/src/commit/?id=e5c30ac93055e708e26e075937263608b3eeb17d
commit e5c30ac93055e708e26e075937263608b3eeb17d
Author: Elliott Mitchell <ehem+freebsd@m5p.com>
AuthorDate: 2022-11-26 16:21:33 +0000
Commit: Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2023-01-20 02:51:13 +0000
vmstat: fix overflow of interrupt name buffer
sysctl() provides a count of number of bytes in the buffer. That is the
actual buffer length. Whereas looking for an interrupt entry with an
empty name could terminate too early, or overflow the end of the buffer.
The overflow will occur if the table of interrupt names is full.
Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D36628
---
usr.bin/vmstat/vmstat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr.bin/vmstat/vmstat.c b/usr.bin/vmstat/vmstat.c
index 07988da9d99d..d007d4f6098f 100644
--- a/usr.bin/vmstat/vmstat.c
+++ b/usr.bin/vmstat/vmstat.c
@@ -1349,7 +1349,7 @@ dointr(unsigned int interval, int reps)
/* Determine the length of the longest interrupt name */
intrname = intrnames;
istrnamlen = strlen("interrupt");
- while(*intrname != '\0') {
+ while (intrname < intrnames + inamlen) {
clen = strlen(intrname);
if (clen > istrnamlen)
istrnamlen = clen;