PERFORCE change 18882 for review
Robert Watson
rwatson at freebsd.org
Mon Oct 7 21:40:36 GMT 2002
You can use the in-kernel strvalid() routine to check that a character
buffer contains a valid nul-terminated string, btw.
Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org Network Associates Laboratories
On Mon, 7 Oct 2002, Brian Feldman wrote:
> http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18882
>
> Change 18882 by green at green_laptop_2 on 2002/10/07 13:56:09
>
> Don't print past the end of the context from the disk if it's
> not nul-terminated.
>
> Affected files ...
>
> .. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#31 edit
>
> Differences ...
>
> ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#31 (text+ko) ====
>
> @@ -406,7 +406,7 @@
>
> vsec = SLOT(vnodelabel);
>
> - context_len = 128; /* TBD: bad fixed length */
> + context_len = sizeof(context) - 1; /* TBD: bad fixed length */
> error = vn_extattr_get(vp, IO_NODELOCKED,
> SEBSD_MAC_EXTATTR_NAMESPACE,
> SEBSD_MAC_EXTATTR_NAME,
> @@ -424,20 +424,19 @@
> if (error) {
> return (error); /* Fail closed */
> }
> -
> if (sebsd_verbose > 1) {
> struct vattr va;
>
> VOP_GETATTR(vp, &va, curthread->td_ucred, curthread);
> - printf("sebsd_vnode_from_extattr: len=%d: context=%s "
> - "inode=%ld, fsid=%d\n", context_len, context,
> - va.va_fileid, va.va_fsid);
> + printf("sebsd_vnode_from_extattr: len=%d: context=%.*s "
> + "inode=%ld, fsid=%d\n", context_len, context_len,
> + context, va.va_fileid, va.va_fsid);
> }
>
> error = security_context_to_sid(context, context_len, &vsec->sid);
> if (error) {
> printf("sebsd_update_vnode_from_extattr: ERROR mapping "
> - "context to sid: %s\n", context);
> + "context to sid: %.*s\n", context_len, context);
> return (0); /* TBD bad, bad, bad */
> }
>
>
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list