From nobody Sun Jul 07 23:47:25 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WHP7L3Dzvz5QN8D; Sun, 07 Jul 2024 23:47:26 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WHP7L0K0dz4gWb; Sun, 7 Jul 2024 23:47:26 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1720396046; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=mVKKmhjHX66I70+LMg3XOkzzmRAivPwgottr4ZI89Do=; b=EiBZzU5m/skMdMUEsVZcvkcwV06cUtUDLfcYUblAAHvN7saxbYWtKC2MVI08OKTszGh5yx D5GXm7p8AMYUIzBcPONBWl0tkMSWmhco7FSq33wcGxZ9HJG4X6rpHlycmdOjMWBgd6Zs7F v74GhzSI0Dvi63gf7oErH29qPqOwRp3Kdy6PQguOR7ltmInCEnTK17oisxTnD6Ksv7H7WB g6Uudd2fd1TNoA7uXmUVNkHHacvyP7L4pmWyRvltwsxKUAHiLqdl3BRCk1a8ewCxzjieS8 Cxzt0yNG8+jhMa5tL3uo2Lxb308MxDDboRknV1dSGe0ZhxXNgJO7Mh0oilGCvQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1720396046; a=rsa-sha256; cv=none; b=dAKN3fVnycUHUUbuxkyOhmzSv5A4fj6QV4GXohQ1Hdw0dnpHv6kUCymjRI1GVo8eqIdVKM 8/h5/5WxEGs1AaHvtZUhHMwt2ojFn83sKzFzXXhae5LlRrVsIg2nW92s84ikkXMsw6QNRP wtKEjB1hdW8PIskkfKXkI4igS2eockOKS1Kw907OaodYrmREnDP4MOI7wM7BlDwIfr22B0 RKodmavRv5OFHETF7RPwIitBPpH5MAJ3syxddS/bpwXI5t9CZ9NXbRGS1iDN321WyMhsmS CEPzvH6gf+Veez1IpHxV/qdRU/QgmeTVMbxb4GiGmD4wMAAuKyvBGQQ1UmQCXA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1720396046; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=mVKKmhjHX66I70+LMg3XOkzzmRAivPwgottr4ZI89Do=; b=YCBGhPPwmT0/xRaMmj+hKut6KoKqlzwr74GjkwP8z+AC6SqGQL52+d8ZtAHfuxgK1ZFEb+ fjk1P0x4IwF9piMIx6SsNEiudevTfoFd44NcgZyOrbQOxOq2PPJapciztA3PN8eFATF2sn T1VjPKAeXk1RAMRuPgTqUCZK5/FN2nMuQLwTtUbxC+DJM66rzAZeoD3HIGyw384Ivb23Nu 46KShau3UnCnhxFdasxMOAZZySvk/QVHlpbD3Lf03zYWr8OH2oWHje4UIT2IjmTCa+xu20 ZWu33pGX7s27JHMZ/XK8+N+yhe9+0p8KJqoBxRaHPhnkmQl1X6MVszd/oGg9Uw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WHP7K6n82zSR0; Sun, 7 Jul 2024 23:47:25 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 467NlPhg002192; Sun, 7 Jul 2024 23:47:25 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 467NlP0r002189; Sun, 7 Jul 2024 23:47:25 GMT (envelope-from git) Date: Sun, 7 Jul 2024 23:47:25 GMT Message-Id: <202407072347.467NlP0r002189@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Ryan Libby Subject: git: 39bda097c037 - main - pci: propagate vpd read error List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rlibby X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 39bda097c03780e26e6a25ff59a3e8e77c77563f Auto-Submitted: auto-generated The branch main has been updated by rlibby: URL: https://cgit.FreeBSD.org/src/commit/?id=39bda097c03780e26e6a25ff59a3e8e77c77563f commit 39bda097c03780e26e6a25ff59a3e8e77c77563f Author: Ryan Libby AuthorDate: 2024-07-07 23:46:58 +0000 Commit: Ryan Libby CommitDate: 2024-07-07 23:46:58 +0000 pci: propagate vpd read error On read error, we would return -1, but not handle it, causing a zero size malloc of value, and then we wouldd unconditionally write value[-1 + 1] = '\0'. This should be harmless in terms of buffer overflow because we should get a minimum non-zero size allocation from malloc, but it also effectively swallowed the error. Reported by: GCC -Wstringop-overflow Reviewed by: kib, se Differential Revision: https://reviews.freebsd.org/D45895 --- sys/dev/pci/pci.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/dev/pci/pci.c b/sys/dev/pci/pci.c index 9661cfd19db7..171c6b710a32 100644 --- a/sys/dev/pci/pci.c +++ b/sys/dev/pci/pci.c @@ -1190,7 +1190,7 @@ vpd_read_elem_data(struct vpd_readstate *vrs, char keyword[2], char **value, int int len; len = vpd_read_elem_head(vrs, keyword); - if (len > maxlen) + if (len < 0 || len > maxlen) return (-1); *value = vpd_read_value(vrs, len); @@ -1211,7 +1211,7 @@ vpd_fixup_cksum(struct vpd_readstate *vrs, char *rvstring, int len) } /* fetch one read-only element and return size of heading + data */ -static size_t +static int next_vpd_ro_elem(struct vpd_readstate *vrs, int maxsize) { struct pcicfg_vpd *vpd; @@ -1245,7 +1245,7 @@ next_vpd_ro_elem(struct vpd_readstate *vrs, int maxsize) } /* fetch one writable element and return size of heading + data */ -static size_t +static int next_vpd_rw_elem(struct vpd_readstate *vrs, int maxsize) { struct pcicfg_vpd *vpd;