From 0f1fe22db557ac7f2fa65f58fa7e399176f4ee56 Mon Sep 17 00:00:00 2001
From: "Bjoern A. Zeeb"
Date: Thu, 11 Dec 2008 01:04:25 +0000
Subject: [PATCH] Correctly check the number of prison states to not access anything outside the prison_states array. When checking if there is a name configured for the prison, check the first character to not be '\0' instead of checking if the char array is present, which it always is. Note, that this is different for the *jailname in the syscall.
Found with: Coverity Prevent(tm)
CID: 4156, 4155
MFC after: 4 weeks (just that I get the mail)
---
 sys/kern/kern_jail.c | 4 ++--
 usr.sbin/jexec/jexec.c | 4 ++--
 usr.sbin/jls/jls.c | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index e4a027c17bf2..0059b8f8df62 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -1574,13 +1574,13 @@ DB_SHOW_COMMAND(jails, db_show_jails)
 pr->pr_ip4s, pr->pr_ip6s);
 db_printf("%6s %-29.29s %.74s\n",
 "", pr->pr_host, pr->pr_path);
- if (pr->pr_state < 0 || pr->pr_state > (int)((sizeof(
+ if (pr->pr_state < 0 || pr->pr_state >= (int)((sizeof(
 prison_states) / sizeof(struct prison_state))))
 state = "(bogus)";
 else
 state = prison_states[pr->pr_state].state_name;
 db_printf("%6s %-29.29s %.74s\n",
- "", (pr->pr_name != NULL) ? pr->pr_name : "", state);
+ "", (pr->pr_name[0] != '\0') ? pr->pr_name : "", state);
 db_printf("%6s %-6d\n",
 "", pr->pr_cpuset->cs_id);
 #ifdef INET
diff --git a/usr.sbin/jexec/jexec.c b/usr.sbin/jexec/jexec.c
index 69bc8f02448a..9d788dd4084a 100644
--- a/usr.sbin/jexec/jexec.c
+++ b/usr.sbin/jexec/jexec.c
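Review bot: The corrected bound in the kern_jail.c hunk is still a hand-written element count, `sizeof(prison_states) / sizeof(struct prison_state)`, and the same expression is repeated in the jexec.c hunk and the first jls.c hunk. Dividing by the element instead, `sizeof(prison_states) / sizeof(prison_states[0])`, stays correct if the element type ever changes, and a single shared count would keep the three checks from drifting apart. Separately, with `pr_name` being an array, `(pr->pr_name[0] != '\0') ? pr->pr_name : ""` prints exactly what plain `pr->pr_name` prints, so the ternary in the second `db_printf` (and in the jls.c `printf`) can be dropped. The DB_SHOW_COMMAND body starts and ends outside the hunk.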
@@ -80,13 +80,13 @@ char *lookup_xprison_v3(void *p, char *end, int *id, char *jailname)
 ok = 1;
 /* Jail state and name. */
- if (xp->pr_state < 0 || xp->pr_state >
+ if (xp->pr_state < 0 || xp->pr_state >=
 (int)((sizeof(prison_states) / sizeof(struct prison_state))))
 errx(1, "Invalid jail state.");
 else if (xp->pr_state != PRISON_STATE_ALIVE)
 ok = 0;
 if (jailname != NULL) {
- if (xp->pr_name == NULL)
+ if (xp->pr_name[0] == '\0')
 ok = 0;
 else if (strcmp(jailname, xp->pr_name) != 0)
 ok = 0;
diff --git a/usr.sbin/jls/jls.c b/usr.sbin/jls/jls.c
index 4488c31121b5..5853abc5fc97 100644
--- a/usr.sbin/jls/jls.c
+++ b/usr.sbin/jls/jls.c
@@ -86,7 +86,7 @@ char *print_xprison_v3(void *p, char *end, unsigned flags)
 errx(1, "Invalid length for jail");
 xp = (struct xprison *)p;
- if (xp->pr_state < 0 || xp->pr_state > (int)
+ if (xp->pr_state < 0 || xp->pr_state >= (int)
 ((sizeof(prison_states) / sizeof(struct prison_state))))
 state = "(bogus)";
 else
@@ -110,7 +110,7 @@ char *print_xprison_v3(void *p, char *end, unsigned flags)
 /* Jail state and name. */
 if (flags & FLAG_V)
 printf("%6s %-29.29s %.74s\n",
- "", (xp->pr_name != NULL) ? xp->pr_name : "", state);
+ "", (xp->pr_name[0] != '\0') ? xp->pr_name : "", state);
 /* cpusetid. */
 if (flags & FLAG_V)
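Review bot: In the jexec.c hunk the new `xp->pr_name[0] == '\0'` branch looks redundant next to the `strcmp()` that follows, but it is what keeps an empty `jailname` from matching every unnamed jail, and nothing in the code says so. A comment above it such as `/* An unnamed jail never matches, even when jailname is "". */` would stop a later cleanup from removing the guard that decides which jail the command is attached to. The `strcmp()` also assumes `pr_name` is NUL-terminated inside the record; the array size and the check of the record against `end` are not visible here, so that is worth confirming where the record length is validated. lookup_xprison_v3 starts and ends outside the hunk.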