svn commit: r199649 - stable/8/sys/kern
Oliver Pinter
oliver.pntr at gmail.com
Sun Nov 22 22:09:52 UTC 2009
and this too for 7-STABLE
On 11/22/09, Attilio Rao <attilio at freebsd.org> wrote:
> Author: attilio
> Date: Sun Nov 22 15:53:39 2009
> New Revision: 199649
> URL: http://svn.freebsd.org/changeset/base/199649
>
> Log:
> MFC r199209:
> Fix a potential buffer boundaries overflow in devclass_add_device() by
> using all available int lenghts digits for storing the information.
>
> Sponsored by: Sandvine Incorporated
>
> Modified:
> stable/8/sys/kern/subr_bus.c
> Directory Properties:
> stable/8/sys/ (props changed)
> stable/8/sys/amd64/include/xen/ (props changed)
> stable/8/sys/cddl/contrib/opensolaris/ (props changed)
> stable/8/sys/contrib/dev/acpica/ (props changed)
> stable/8/sys/contrib/pf/ (props changed)
> stable/8/sys/dev/xen/xenpci/ (props changed)
>
> Modified: stable/8/sys/kern/subr_bus.c
> ==============================================================================
> --- stable/8/sys/kern/subr_bus.c Sun Nov 22 14:32:32 2009 (r199648)
> +++ stable/8/sys/kern/subr_bus.c Sun Nov 22 15:53:39 2009 (r199649)
> @@ -35,6 +35,7 @@ __FBSDID("$FreeBSD$");
> #include <sys/lock.h>
> #include <sys/kernel.h>
> #include <sys/kobj.h>
> +#include <sys/limits.h>
> #include <sys/malloc.h>
> #include <sys/module.h>
> #include <sys/mutex.h>
> @@ -1584,7 +1585,7 @@ devclass_add_device(devclass_t dc, devic
>
> PDEBUG(("%s in devclass %s", DEVICENAME(dev), DEVCLANAME(dc)));
>
> - buflen = snprintf(NULL, 0, "%s%d$", dc->name, dev->unit);
> + buflen = snprintf(NULL, 0, "%s%d$", dc->name, INT_MAX);
> if (buflen < 0)
> return (ENOMEM);
> dev->nameunit = malloc(buflen, M_BUS, M_NOWAIT|M_ZERO);
> _______________________________________________
> svn-src-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/svn-src-stable
> To unsubscribe, send any mail to "svn-src-stable-unsubscribe at freebsd.org"
>
More information about the svn-src-stable-8
mailing list