git: f5b0083302ed - main - mpsutil: Fix data truncation by too short buffers.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 30 Nov 2021 01:20:07 UTC
The branch main has been updated by mav:
URL: https://cgit.FreeBSD.org/src/commit/?id=f5b0083302edcf421265530cc01dd87c06b23af1
commit f5b0083302edcf421265530cc01dd87c06b23af1
Author: Alexander Motin <mav@FreeBSD.org>
AuthorDate: 2021-11-30 01:14:13 +0000
Commit: Alexander Motin <mav@FreeBSD.org>
CommitDate: 2021-11-30 01:20:03 +0000
mpsutil: Fix data truncation by too short buffers.
Length of some string buffers was insufficient for cases of more that
99 targets per HBA or slots per enclosure. Some others are tuned just
for better alignment. While there also fix output formatting issues.
MFC after: 1 week
Sponsored by: iXsystems, Inc.
---
usr.sbin/mpsutil/mps_show.c | 51 +++++++++++++++++++++++----------------------
1 file changed, 26 insertions(+), 25 deletions(-)
diff --git a/usr.sbin/mpsutil/mps_show.c b/usr.sbin/mpsutil/mps_show.c
index 7c2596497818..d293003fc67f 100644
--- a/usr.sbin/mpsutil/mps_show.c
+++ b/usr.sbin/mpsutil/mps_show.c
@@ -74,7 +74,7 @@ show_adapter(int ac, char **av)
MPI2_IOC_FACTS_REPLY *facts;
U16 IOCStatus;
char *speed, *minspeed, *maxspeed, *isdisabled, *type;
- char devhandle[5], ctrlhandle[5];
+ char devhandle[8], ctrlhandle[8];
int error, fd, v, i;
if (ac != 1) {
@@ -210,13 +210,14 @@ show_adapter(int ac, char **av)
type = get_device_type(le32toh(phy0->ControllerPhyDeviceInfo));
if (le16toh(phy0->AttachedDevHandle) != 0) {
- snprintf(devhandle, 5, "%04x", le16toh(phy0->AttachedDevHandle));
- snprintf(ctrlhandle, 5, "%04x",
+ snprintf(devhandle, sizeof(devhandle), "%04x",
+ le16toh(phy0->AttachedDevHandle));
+ snprintf(ctrlhandle, sizeof(ctrlhandle), "%04x",
le16toh(phy0->ControllerDevHandle));
speed = get_device_speed(phy0->NegotiatedLinkRate);
} else {
- snprintf(devhandle, 5, " ");
- snprintf(ctrlhandle, 5, " ");
+ snprintf(devhandle, sizeof(devhandle), " ");
+ snprintf(ctrlhandle, sizeof(ctrlhandle), " ");
speed = " ";
}
printf("%-8d%-12s%-11s%-10s%-8s%-7s%-7s%s\n",
@@ -516,7 +517,7 @@ show_devices(int ac, char **av)
MPI2_CONFIG_PAGE_SAS_DEV_0 *device;
MPI2_CONFIG_PAGE_EXPANDER_1 *exp1;
uint16_t IOCStatus, handle, bus, target;
- char *type, *speed, enchandle[5], slot[3], bt[8];
+ char *type, *speed, enchandle[8], slot[8], bt[16];
char buf[256];
int fd, error, nphys;
@@ -605,11 +606,11 @@ show_devices(int ac, char **av)
speed = " ";
if (device->EnclosureHandle != 0) {
- snprintf(enchandle, 5, "%04x", le16toh(device->EnclosureHandle));
- snprintf(slot, 3, "%02d", le16toh(device->Slot));
+ snprintf(enchandle, sizeof(enchandle), "%04x", le16toh(device->EnclosureHandle));
+ snprintf(slot, sizeof(slot), "%02d", le16toh(device->Slot));
} else {
- snprintf(enchandle, 5, " ");
- snprintf(slot, 3, " ");
+ snprintf(enchandle, sizeof(enchandle), " ");
+ snprintf(slot, sizeof(slot), " ");
}
printf("%-10s", bt);
snprintf(buf, sizeof(buf), "%08x%08x", le32toh(device->SASAddress.High),
@@ -634,7 +635,7 @@ static int
show_enclosures(int ac, char **av)
{
MPI2_CONFIG_PAGE_SAS_ENCLOSURE_0 *enc;
- char *type, sepstr[5];
+ char *type, sepstr[8];
uint16_t IOCStatus, handle;
int fd, error, issep;
@@ -663,9 +664,9 @@ show_enclosures(int ac, char **av)
}
type = get_enc_type(le16toh(enc->Flags), &issep);
if (issep == 0)
- snprintf(sepstr, 5, " ");
+ snprintf(sepstr, sizeof(sepstr), " ");
else
- snprintf(sepstr, 5, "%04x", le16toh(enc->SEPDevHandle));
+ snprintf(sepstr, sizeof(sepstr), "%04x", le16toh(enc->SEPDevHandle));
printf(" %.2d %08x%08x %s %04x %s\n",
le16toh(enc->NumSlots), le32toh(enc->EnclosureLogicalID.High),
le32toh(enc->EnclosureLogicalID.Low), sepstr, le16toh(enc->EnclosureHandle),
@@ -685,7 +686,7 @@ show_expanders(int ac, char **av)
MPI2_CONFIG_PAGE_EXPANDER_0 *exp0;
MPI2_CONFIG_PAGE_EXPANDER_1 *exp1;
uint16_t IOCStatus, handle;
- char enchandle[5], parent[5], rphy[3], rhandle[5];
+ char enchandle[8], parent[8], rphy[4], rhandle[8];
char *speed, *min, *max, *type;
int fd, error, nphys, i;
@@ -717,19 +718,19 @@ show_expanders(int ac, char **av)
handle = le16toh(exp0->DevHandle);
if (exp0->EnclosureHandle == 0x00)
- snprintf(enchandle, 5, " ");
+ snprintf(enchandle, sizeof(enchandle), " ");
else
- snprintf(enchandle, 5, "%04d", le16toh(exp0->EnclosureHandle));
+ snprintf(enchandle, sizeof(enchandle), "%04d", le16toh(exp0->EnclosureHandle));
if (exp0->ParentDevHandle == 0x0)
- snprintf(parent, 5, " ");
+ snprintf(parent, sizeof(parent), " ");
else
- snprintf(parent, 5, "%04x", le16toh(exp0->ParentDevHandle));
+ snprintf(parent, sizeof(parent), "%04x", le16toh(exp0->ParentDevHandle));
printf(" %02d %08x%08x %04x %s %s %d\n",
exp0->NumPhys, le32toh(exp0->SASAddress.High), le32toh(exp0->SASAddress.Low),
le16toh(exp0->DevHandle), parent, enchandle, exp0->SASLevel);
printf("\n");
- printf(" Phy RemotePhy DevHandle Speed Min Max Device\n");
+ printf(" Phy RemotePhy DevHandle Speed Min Max Device\n");
for (i = 0; i < nphys; i++) {
exp1 = mps_read_extended_config_page(fd,
MPI2_CONFIG_EXTPAGETYPE_SAS_EXPANDER,
@@ -745,20 +746,20 @@ show_expanders(int ac, char **av)
}
type = get_device_type(le32toh(exp1->AttachedDeviceInfo));
if ((le32toh(exp1->AttachedDeviceInfo) &0x7) == 0) {
- speed = " ";
- snprintf(rphy, 3, " ");
- snprintf(rhandle, 5, " ");
+ speed = " ";
+ snprintf(rphy, sizeof(rphy), " ");
+ snprintf(rhandle, sizeof(rhandle), " ");
} else {
speed = get_device_speed(
exp1->NegotiatedLinkRate);
- snprintf(rphy, 3, "%02d",
+ snprintf(rphy, sizeof(rphy), "%02d",
exp1->AttachedPhyIdentifier);
- snprintf(rhandle, 5, "%04x",
+ snprintf(rhandle, sizeof(rhandle), "%04x",
le16toh(exp1->AttachedDevHandle));
}
min = get_device_speed(exp1->HwLinkRate);
max = get_device_speed(exp1->HwLinkRate >> 4);
- printf(" %02d %s %s %s %s %s %s\n", exp1->Phy, rphy, rhandle, speed, min, max, type);
+ printf(" %02d %s %s %s %s %s %s\n", exp1->Phy, rphy, rhandle, speed, min, max, type);
free(exp1);
}