d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Correctly check the number of prison states to not access anything

Browse Source 
outside the prison_states array.
When checking if there is a name configured for the prison, check the
first character to not be '\0' instead of checking if the char array
is present, which it always is. Note, that this is different for the
*jailname in the syscall.

Found with:	Coverity Prevent(tm)
CID:		4156, 4155
MFC after:	4 weeks (just that I get the mail)
This commit is contained in:
Bjoern A. Zeeb 2008-12-11 01:04:25 +00:00
parent b2dbdae9f3
commit 0f1fe22db5
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=185899
3 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/kern/kern_jail.c
View File

@ -1574,13 +1574,13 @@ DB_SHOW_COMMAND(jails, db_show_jails)
pr->pr_ip4s, pr->pr_ip6s);
db_printf("%6s %-29.29s %.74s\n",
"", pr->pr_host, pr->pr_path);
if (pr->pr_state < 0 || pr->pr_state > (int)((sizeof(
if (pr->pr_state < 0 || pr->pr_state >= (int)((sizeof(
prison_states) / sizeof(struct prison_state))))
state = "(bogus)";
else
state = prison_states[pr->pr_state].state_name;
db_printf("%6s %-29.29s %.74s\n",
"", (pr->pr_name != NULL) ? pr->pr_name : "", state);
"", (pr->pr_name[0] != '\0') ? pr->pr_name : "", state);
db_printf("%6s %-6d\n",
"", pr->pr_cpuset->cs_id);
#ifdef INET

4
usr.sbin/jexec/jexec.c
View File

@ -80,13 +80,13 @@ char *lookup_xprison_v3(void *p, char *end, int *id, char *jailname)
ok = 1;
/* Jail state and name. */
if (xp->pr_state < 0 || xp->pr_state >
if (xp->pr_state < 0 || xp->pr_state >=
(int)((sizeof(prison_states) / sizeof(struct prison_state))))
errx(1, "Invalid jail state.");
else if (xp->pr_state != PRISON_STATE_ALIVE)
ok = 0;
if (jailname != NULL) {
if (xp->pr_name == NULL)
if (xp->pr_name[0] == '\0')
ok = 0;
else if (strcmp(jailname, xp->pr_name) != 0)
ok = 0;

4
usr.sbin/jls/jls.c
View File

@ -86,7 +86,7 @@ char *print_xprison_v3(void *p, char *end, unsigned flags)
errx(1, "Invalid length for jail");
xp = (struct xprison *)p;
if (xp->pr_state < 0 || xp->pr_state > (int)
if (xp->pr_state < 0 || xp->pr_state >= (int)
((sizeof(prison_states) / sizeof(struct prison_state))))
state = "(bogus)";
else
@ -110,7 +110,7 @@ char *print_xprison_v3(void *p, char *end, unsigned flags)
/* Jail state and name. */
if (flags & FLAG_V)
printf("%6s %-29.29s %.74s\n",
"", (xp->pr_name != NULL) ? xp->pr_name : "", state);
"", (xp->pr_name[0] != '\0') ? xp->pr_name : "", state);
/* cpusetid. */
if (flags & FLAG_V)