Correctly check the number of prison states to not access anything
outside the prison_states array. When checking if there is a name configured for the prison, check the first character to not be '\0' instead of checking if the char array is present, which it always is. Note, that this is different for the *jailname in the syscall. Found with: Coverity Prevent(tm) CID: 4156, 4155 MFC after: 4 weeks (just that I get the mail)
This commit is contained in:
parent
b2dbdae9f3
commit
0f1fe22db5
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=185899
@ -1574,13 +1574,13 @@ DB_SHOW_COMMAND(jails, db_show_jails)
|
||||
pr->pr_ip4s, pr->pr_ip6s);
|
||||
db_printf("%6s %-29.29s %.74s\n",
|
||||
"", pr->pr_host, pr->pr_path);
|
||||
if (pr->pr_state < 0 || pr->pr_state > (int)((sizeof(
|
||||
if (pr->pr_state < 0 || pr->pr_state >= (int)((sizeof(
|
||||
prison_states) / sizeof(struct prison_state))))
|
||||
state = "(bogus)";
|
||||
else
|
||||
state = prison_states[pr->pr_state].state_name;
|
||||
db_printf("%6s %-29.29s %.74s\n",
|
||||
"", (pr->pr_name != NULL) ? pr->pr_name : "", state);
|
||||
"", (pr->pr_name[0] != '\0') ? pr->pr_name : "", state);
|
||||
db_printf("%6s %-6d\n",
|
||||
"", pr->pr_cpuset->cs_id);
|
||||
#ifdef INET
|
||||
|
@ -80,13 +80,13 @@ char *lookup_xprison_v3(void *p, char *end, int *id, char *jailname)
|
||||
ok = 1;
|
||||
|
||||
/* Jail state and name. */
|
||||
if (xp->pr_state < 0 || xp->pr_state >
|
||||
if (xp->pr_state < 0 || xp->pr_state >=
|
||||
(int)((sizeof(prison_states) / sizeof(struct prison_state))))
|
||||
errx(1, "Invalid jail state.");
|
||||
else if (xp->pr_state != PRISON_STATE_ALIVE)
|
||||
ok = 0;
|
||||
if (jailname != NULL) {
|
||||
if (xp->pr_name == NULL)
|
||||
if (xp->pr_name[0] == '\0')
|
||||
ok = 0;
|
||||
else if (strcmp(jailname, xp->pr_name) != 0)
|
||||
ok = 0;
|
||||
|
@ -86,7 +86,7 @@ char *print_xprison_v3(void *p, char *end, unsigned flags)
|
||||
errx(1, "Invalid length for jail");
|
||||
xp = (struct xprison *)p;
|
||||
|
||||
if (xp->pr_state < 0 || xp->pr_state > (int)
|
||||
if (xp->pr_state < 0 || xp->pr_state >= (int)
|
||||
((sizeof(prison_states) / sizeof(struct prison_state))))
|
||||
state = "(bogus)";
|
||||
else
|
||||
@ -110,7 +110,7 @@ char *print_xprison_v3(void *p, char *end, unsigned flags)
|
||||
/* Jail state and name. */
|
||||
if (flags & FLAG_V)
|
||||
printf("%6s %-29.29s %.74s\n",
|
||||
"", (xp->pr_name != NULL) ? xp->pr_name : "", state);
|
||||
"", (xp->pr_name[0] != '\0') ? xp->pr_name : "", state);
|
||||
|
||||
/* cpusetid. */
|
||||
if (flags & FLAG_V)
|
||||
|
Loading…
Reference in New Issue
Block a user