Fix the label search routine in geom_map to not trip up on '\0' bytes.

* Just do the buf check early and fail out * If the offset being searched is: 00110000 00 b5 7e 45 61 e2 76 d3 c1 78 dd 15 95 cd 1f f1 |..~Ea.v..x......| .. and the match string is '.!/bin/sh' .. then it'll set the match string[0] to '\0', do a strncmp() against the read buffer, find it's matching two zero-length strings, and think that's where to start. MFC after: 2 weeks
svn path=/head/; revision=280239
2015-03-19 03:58:25 +00:00 · 2015-03-19 03:58:25 +00:00 · 28d507fcec · 2020-12-20 02:59:44 +00:00
commit 28d507fcec
parent dfdf9abd94
1 changed files with 9 additions and 1 deletions
--- a/sys/geom/geom_map.c
+++ b/sys/geom/geom_map.c
@ -171,6 +171,13 @@ find_marker(struct g_consumer *cp, const char *line, off_t *offset)
 		    roundup(strlen(search_key), sectorsize), NULL);
 		g_topology_lock();

+		/*
+		 * Don't bother doing the rest if buf==NULL; eg derefencing
+		 * to assemble 'key'.
+		 */
+		if (buf == NULL)
+			continue;
+
 		/* Wildcard, replace '.' with byte from data */
 		/* TODO: add support wildcard escape '\.' */

@ -183,7 +190,8 @@ find_marker(struct g_consumer *cp, const char *line, off_t *offset)
 			}
 		}

-		if (buf != NULL && strncmp(buf + search_offset % sectorsize,
+		/* Assume buf != NULL here */
+		if (memcmp(buf + search_offset % sectorsize,
 		    key, strlen(search_key)) == 0) {
 			g_free(buf);
 			/* Marker found, so return their offset */