diff options
| author |   krw <krw@openbsd.org> | 2003-04-19 12:59:13 +0000 |
|---|---|---|
| committer | krw <krw@openbsd.org> | 2003-04-19 12:59:13 +0000 |
| commit | 7be7d307d5972be3223a7001a84a7a930b5cd1d2 (patch) | |
| tree | c321f14cdef6cc909be09a8f72eb004e536416d7 | |
| parent | Davicom DM9009 (diff) | |
| download | wireguard-openbsd-7be7d307d5972be3223a7001a84a7a930b5cd1d2.tar.xz wireguard-openbsd-7be7d307d5972be3223a7001a84a7a930b5cd1d2.zip | |
Some string cleanup: sprintf -> snprintf and magic numbers to sizeof
(remember: d_[type|pack]name do not need terminating null).
Take the opportunity to introduce some paranoia and check the device
name lengths to make sure they fit, with appropriate errors if not.
ok tedu@ tdeval@
| -rw-r--r-- | sys/dev/ramdisk.c | 14 | ||||
| -rw-r--r-- | sys/dev/vnd.c | 16 |
2 files changed, 20 insertions, 10 deletions
diff --git a/sys/dev/ramdisk.c b/sys/dev/ramdisk.c index ccfd1697a2b..4387993ff04 100644 --- a/sys/dev/ramdisk.c +++ b/sys/dev/ramdisk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ramdisk.c,v 1.20 2003/03/03 12:08:28 miod Exp $ */ +/* $OpenBSD: ramdisk.c,v 1.21 2003/04/19 12:59:13 krw Exp $ */ /* $NetBSD: ramdisk.c,v 1.8 1996/04/12 08:30:09 leo Exp $ */ /* @@ -149,12 +149,16 @@ rdattach(n) /* Attach as if by autoconfig. */ for (i = 0; i < n; i++) { - sc = malloc(sizeof(*sc), M_DEVBUF, M_WAITOK); bzero((caddr_t)sc, sizeof(*sc)); + if (snprintf(sc->sc_dev.dv_xname, sizeof(sc->sc_dev.dv_xname), + "rd%d", i) >= sizeof(sc->sc_dev.dv_xname)) { + printf("rdattach: device name too long\n"); + free(sc, M_DEVBUF); + return; + } ramdisk_devs[i] = sc; sc->sc_dev.dv_unit = i; - sprintf(sc->sc_dev.dv_xname, "rd%d", i); rd_attach(NULL, &sc->sc_dev, NULL); } } @@ -496,9 +500,9 @@ rdgetdisklabel(dev, sc) /* as long as it's not 0 - readdisklabel divides by it (?) */ } - strncpy(lp.d_typename, "RAM disk", 16); + strncpy(lp.d_typename, "RAM disk", sizeof(lp.d_typename)); lp.d_type = DTYPE_SCSI; - strncpy(lp.d_packname, "fictitious", 16); + strncpy(lp.d_packname, "fictitious", sizeof(lp.d_packname)); lp.d_secperunit = lp.d_nsectors; lp.d_rpm = 3600; lp.d_interleave = 1; diff --git a/sys/dev/vnd.c b/sys/dev/vnd.c index a4142dd29e7..ae91ce55d84 100644 --- a/sys/dev/vnd.c +++ b/sys/dev/vnd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vnd.c,v 1.36 2003/04/06 22:01:43 miod Exp $ */ +/* $OpenBSD: vnd.c,v 1.37 2003/04/19 12:59:13 krw Exp $ */ /* $NetBSD: vnd.c,v 1.26 1996/03/30 23:06:11 christos Exp $ */ /* @@ -302,9 +302,9 @@ vndgetdisklabel(dev, sc) /* as long as it's not 0 - readdisklabel divides by it (?) */ } - strncpy(lp->d_typename, "vnd device", 16); + strncpy(lp->d_typename, "vnd device", sizeof(lp->d_typename)); lp->d_type = DTYPE_SCSI; - strncpy(lp->d_packname, "fictitious", 16); + strncpy(lp->d_packname, "fictitious", sizeof(lp->d_packname)); lp->d_secperunit = sc->sc_size; lp->d_rpm = 3600; lp->d_interleave = 1; @@ -780,6 +780,14 @@ vndioctl(dev, cmd, addr, flag, p) if ((error = vndlock(vnd)) != 0) return (error); + bzero(vnd->sc_dev.dv_xname, sizeof(vnd->sc_dev.dv_xname)); + if (snprintf(vnd->sc_dev.dv_xname, sizeof(vnd->sc_dev.dv_xname), + "vnd%d", unit) >= sizeof(vnd->sc_dev.dv_xname)) { + printf("VNDIOCSET: device name too long\n"); + vndunlock(vnd); + return(ENXIO); + } + /* * Always open for read and write. * This is probably bogus, but it lets vn_open() @@ -837,8 +845,6 @@ vndioctl(dev, cmd, addr, flag, p) #endif /* Attach the disk. */ - bzero(vnd->sc_dev.dv_xname, sizeof(vnd->sc_dev.dv_xname)); - sprintf(vnd->sc_dev.dv_xname, "vnd%d", unit); vnd->sc_dk.dk_driver = &vnddkdriver; vnd->sc_dk.dk_name = vnd->sc_dev.dv_xname; disk_attach(&vnd->sc_dk); |