Set the SBUF_INCLUDENUL flag in sbuf_new_for_sysctl() so that sysctl

strings returned to userland include the nulterm byte. Some uses of sbuf_new_for_sysctl() write binary data rather than strings; clear the SBUF_INCLUDENUL flag after calling sbuf_new_for_sysctl() in those cases. (Note that the sbuf code still automatically adds a nulterm byte in sbuf_finish(), but since it's not included in the length it won't get copied to userland along with the binary data.) Remove explicit adding of a nulterm byte in a couple places now that it gets done automatically by the sbuf drain code. PR: 195668
svn path=/head/; revision=279993
2015-03-14 17:08:28 +00:00 · 2015-03-14 17:08:28 +00:00 · 1eafc07856 · 2020-12-20 02:59:44 +00:00
commit 1eafc07856
parent f4d281428f
7 changed files with 10 additions and 13 deletions
--- a/sys/dev/cxgb/cxgb_sge.c
+++ b/sys/dev/cxgb/cxgb_sge.c
@ -3149,9 +3149,6 @@ t3_dump_rspq(SYSCTL_HANDLER_ARGS)
 	}

 	err = sbuf_finish(sb);
-	/* Output a trailing NUL. */
-	if (err == 0)
-		err = SYSCTL_OUT(req, "", 1);
 	sbuf_delete(sb);
 	return (err);
 }	
@ -3219,9 +3216,6 @@ t3_dump_txq_eth(SYSCTL_HANDLER_ARGS)

 	}
 	err = sbuf_finish(sb);
-	/* Output a trailing NUL. */
-	if (err == 0)
-		err = SYSCTL_OUT(req, "", 1);
 	sbuf_delete(sb);
 	return (err);
 }
@ -3279,9 +3273,6 @@ t3_dump_txq_ctrl(SYSCTL_HANDLER_ARGS)

 	}
 	err = sbuf_finish(sb);
-	/* Output a trailing NUL. */
-	if (err == 0)
-		err = SYSCTL_OUT(req, "", 1);
 	sbuf_delete(sb);
 	return (err);
 }
--- a/sys/dev/cxgbe/t4_main.c
+++ b/sys/dev/cxgbe/t4_main.c
@ -5083,12 +5083,11 @@ sysctl_int_array(SYSCTL_HANDLER_ARGS)
 	int rc, *i;
 	struct sbuf sb;

-	sbuf_new(&sb, NULL, 32, SBUF_AUTOEXTEND);
+	sbuf_new_for_sysctl(&sb, NULL, 64, req);
 	for (i = arg1; arg2; arg2 -= sizeof(int), i++)
 		sbuf_printf(&sb, "%d ", *i);
 	sbuf_trim(&sb);
-	sbuf_finish(&sb);
-	rc = sysctl_handle_string(oidp, sbuf_data(&sb), sbuf_len(&sb), req);
+	rc = sbuf_finish(&sb);
 	sbuf_delete(&sb);
 	return (rc);
 }
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@ -3296,6 +3296,7 @@ sysctl_kern_proc_filedesc(SYSCTL_HANDLER_ARGS)
 	name = (int *)arg1;

 	sbuf_new_for_sysctl(&sb, NULL, FILEDESC_SBUF_SIZE, req);
+	sbuf_clear_flags(&sb, SBUF_INCLUDENUL);
 	error = pget((pid_t)name[0], PGET_CANDEBUG | PGET_NOTWEXIT, &p);
 	if (error != 0) {
 		sbuf_delete(&sb);
@ -3490,6 +3491,7 @@ sysctl_kern_proc_cwd(SYSCTL_HANDLER_ARGS)
 	name = (int *)arg1;

 	sbuf_new_for_sysctl(&sb, NULL, sizeof(struct kinfo_file), req);
+	sbuf_clear_flags(&sb, SBUF_INCLUDENUL);
 	error = pget((pid_t)name[0], PGET_CANDEBUG | PGET_NOTWEXIT, &p);
 	if (error != 0) {
 		sbuf_delete(&sb);
--- a/sys/kern/kern_malloc.c
+++ b/sys/kern/kern_malloc.c
@ -918,6 +918,7 @@ sysctl_kern_malloc_stats(SYSCTL_HANDLER_ARGS)
 	if (error != 0)
 		return (error);
 	sbuf_new_for_sysctl(&sbuf, NULL, 128, req);
+	sbuf_clear_flags(&sbuf, SBUF_INCLUDENUL);
 	mtx_lock(&malloc_mtx);

 	/*
--- a/sys/kern/kern_proc.c
+++ b/sys/kern/kern_proc.c
@ -1273,6 +1273,7 @@ sysctl_out_proc(struct proc *p, struct sysctl_req *req, int flags,

 	pid = p->p_pid;
 	sbuf_new_for_sysctl(&sb, (char *)&ki, sizeof(ki), req);
+	sbuf_clear_flags(&sb, SBUF_INCLUDENUL);
 	error = kern_proc_out(p, &sb, flags);
 	error2 = sbuf_finish(&sb);
 	sbuf_delete(&sb);
@ -1934,6 +1935,7 @@ sysctl_kern_proc_auxv(SYSCTL_HANDLER_ARGS)
 		return (0);
 	}
 	sbuf_new_for_sysctl(&sb, NULL, GET_PS_STRINGS_CHUNK_SZ, req);
+	sbuf_clear_flags(&sb, SBUF_INCLUDENUL);
 	error = proc_getauxv(curthread, p, &sb);
 	error2 = sbuf_finish(&sb);
 	PRELE(p);
@ -2421,6 +2423,7 @@ sysctl_kern_proc_vmmap(SYSCTL_HANDLER_ARGS)

 	name = (int *)arg1;
 	sbuf_new_for_sysctl(&sb, NULL, sizeof(struct kinfo_vmentry), req);
+	sbuf_clear_flags(&sb, SBUF_INCLUDENUL);
 	error = pget((pid_t)name[0], PGET_CANDEBUG | PGET_NOTWEXIT, &p);
 	if (error != 0) {
 		sbuf_delete(&sb);
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@ -1807,7 +1807,7 @@ sbuf_new_for_sysctl(struct sbuf *s, char *buf, int length,
    struct sysctl_req *req)
 {

-	s = sbuf_new(s, buf, length, SBUF_FIXEDLEN);
+	s = sbuf_new(s, buf, length, SBUF_FIXEDLEN | SBUF_INCLUDENUL);
 	sbuf_set_drain(s, sbuf_sysctl_drain, req);
 	return (s);
 }
--- a/sys/vm/uma_core.c
+++ b/sys/vm/uma_core.c
@ -3451,6 +3451,7 @@ sysctl_vm_zone_stats(SYSCTL_HANDLER_ARGS)
 	if (error != 0)
 		return (error);
 	sbuf_new_for_sysctl(&sbuf, NULL, 128, req);
+	sbuf_clear_flags(&sbuf, SBUF_INCLUDENUL);

 	count = 0;
 	rw_rlock(&uma_rwlock);