diff --git a/lib/libnetgraph/internal.h b/lib/libnetgraph/internal.h index 99b5eccac427..0c947e5eab6d 100644 --- a/lib/libnetgraph/internal.h +++ b/lib/libnetgraph/internal.h @@ -46,6 +46,7 @@ #include #include #include +#include #include #include @@ -55,6 +56,10 @@ #include #include +/* the 'sockaddr overhead' for a netgraph address. This is everything before + * the string that constitutes the address. */ +#define NGSA_OVERHEAD (offsetof(struct sockaddr_ng, sg_data)) + extern int _gNgDebugLevel; extern void (*_NgLog)(const char *fmt, ...); diff --git a/lib/libnetgraph/msg.c b/lib/libnetgraph/msg.c index 2c2565f2ee4f..927a31ad856b 100644 --- a/lib/libnetgraph/msg.c +++ b/lib/libnetgraph/msg.c @@ -76,7 +76,7 @@ NgSendMsg(int cs, const char *path, msg.header.token = gMsgId; msg.header.flags = NGF_ORIG; msg.header.cmd = cmd; - snprintf(msg.header.cmdstr, NG_CMDSTRLEN + 1, "cmd%d", cmd); + snprintf(msg.header.cmdstr, NG_CMDSTRSIZ, "cmd%d", cmd); /* Deliver message */ if (NgDeliverMsg(cs, path, &msg, args, arglen) < 0) @@ -175,7 +175,7 @@ static int NgDeliverMsg(int cs, const char *path, const struct ng_mesg *hdr, const void *args, size_t arglen) { - u_char sgbuf[NG_PATHLEN + 3]; + u_char sgbuf[NG_PATHSIZ + NGSA_OVERHEAD]; struct sockaddr_ng *const sg = (struct sockaddr_ng *) sgbuf; u_char *buf = NULL; struct ng_mesg *msg; @@ -203,8 +203,9 @@ NgDeliverMsg(int cs, const char *path, /* Prepare socket address */ sg->sg_family = AF_NETGRAPH; - snprintf(sg->sg_data, NG_PATHLEN + 1, "%s", path); - sg->sg_len = strlen(sg->sg_data) + 3; + /* XXX handle overflow */ + strlcpy(sg->sg_data, path, NG_PATHSIZ); + sg->sg_len = strlen(sg->sg_data) + 1 + NGSA_OVERHEAD; /* Debugging */ if (_gNgDebugLevel >= 2) { @@ -240,7 +241,7 @@ done: int NgRecvMsg(int cs, struct ng_mesg *rep, size_t replen, char *path) { - u_char sgbuf[NG_PATHLEN + sizeof(struct sockaddr_ng)]; + u_char sgbuf[NG_PATHSIZ + NGSA_OVERHEAD]; struct sockaddr_ng *const sg = (struct sockaddr_ng *) sgbuf; int len, sglen = sizeof(sgbuf); int errnosv; @@ -254,7 +255,7 @@ NgRecvMsg(int cs, struct ng_mesg *rep, size_t replen, char *path) goto errout; } if (path != NULL) - snprintf(path, NG_PATHLEN + 1, "%s", sg->sg_data); + strlcpy(path, sg->sg_data, NG_PATHSIZ); /* Debugging */ if (_gNgDebugLevel >= 2) { diff --git a/lib/libnetgraph/netgraph.3 b/lib/libnetgraph/netgraph.3 index f847701e6678..b50ccee95d4e 100644 --- a/lib/libnetgraph/netgraph.3 +++ b/lib/libnetgraph/netgraph.3 @@ -174,7 +174,7 @@ bytes. If .Fa "path" is non-NULL, it must point to a buffer of at least -.Dv "NG_PATHLEN + 1" +.Dv "NG_PATHSIZ" bytes, which will be filled in (and NUL terminated) with the path to the node from which the message was received. .Pp @@ -216,7 +216,7 @@ and stores it in which must be large enough to hold the entire packet. If .Fa "hook" is non-NULL, it must point to a buffer of at least -.Dv "NG_HOOKLEN + 1" +.Dv "NG_HOOKSIZ" bytes, which will be filled in (and NUL terminated) with the name of the hook on which the data was received. .Pp diff --git a/lib/libnetgraph/sock.c b/lib/libnetgraph/sock.c index d3bdf59651df..7485baa6830f 100644 --- a/lib/libnetgraph/sock.c +++ b/lib/libnetgraph/sock.c @@ -60,7 +60,7 @@ __FBSDID("$FreeBSD$"); int NgMkSockNode(const char *name, int *csp, int *dsp) { - char namebuf[NG_NODELEN + 1]; + char namebuf[NG_NODESIZ]; int cs = -1; /* control socket */ int ds = -1; /* data socket */ int errnosv; @@ -93,13 +93,13 @@ NgMkSockNode(const char *name, int *csp, int *dsp) gotNode: /* Assign the node the desired name, if any */ if (name != NULL) { - u_char sbuf[NG_NODELEN + 3]; + u_char sbuf[NG_NODESIZ + NGSA_OVERHEAD]; struct sockaddr_ng *const sg = (struct sockaddr_ng *) sbuf; /* Assign name */ - snprintf(sg->sg_data, NG_NODELEN + 1, "%s", name); + strlcpy(sg->sg_data, name, NG_NODESIZ); sg->sg_family = AF_NETGRAPH; - sg->sg_len = strlen(sg->sg_data) + 3; + sg->sg_len = strlen(sg->sg_data) + 1 + NGSA_OVERHEAD; if (bind(cs, (struct sockaddr *) sg, sg->sg_len) < 0) { errnosv = errno; if (_gNgDebugLevel >= 1) @@ -108,7 +108,7 @@ gotNode: } /* Save node name */ - snprintf(namebuf, sizeof(namebuf), "%s", name); + strlcpy(namebuf, name, sizeof(namebuf)); } else if (dsp != NULL) { u_char rbuf[sizeof(struct ng_mesg) + sizeof(struct nodeinfo)]; struct ng_mesg *const resp = (struct ng_mesg *) rbuf; @@ -135,7 +135,7 @@ gotNode: /* Create data socket if desired */ if (dsp != NULL) { - u_char sbuf[NG_NODELEN + 4]; + u_char sbuf[NG_NODESIZ + 1 + NGSA_OVERHEAD]; struct sockaddr_ng *const sg = (struct sockaddr_ng *) sbuf; /* Create data socket, initially just "floating" */ @@ -147,9 +147,9 @@ gotNode: } /* Associate the data socket with the node */ - snprintf(sg->sg_data, NG_NODELEN + 2, "%s:", namebuf); + snprintf(sg->sg_data, NG_NODESIZ + 1, "%s:", namebuf); sg->sg_family = AF_NETGRAPH; - sg->sg_len = strlen(sg->sg_data) + 3; + sg->sg_len = strlen(sg->sg_data) + 1 + NGSA_OVERHEAD; if (connect(ds, (struct sockaddr *) sg, sg->sg_len) < 0) { errnosv = errno; if (_gNgDebugLevel >= 1) @@ -211,7 +211,7 @@ NgNameNode(int cs, const char *path, const char *fmt, ...) int NgRecvData(int ds, u_char * buf, size_t len, char *hook) { - u_char frombuf[NG_HOOKLEN + sizeof(struct sockaddr_ng)]; + u_char frombuf[NG_HOOKSIZ + NGSA_OVERHEAD]; struct sockaddr_ng *const from = (struct sockaddr_ng *) frombuf; int fromlen = sizeof(frombuf); int rtn, errnosv; @@ -228,7 +228,7 @@ NgRecvData(int ds, u_char * buf, size_t len, char *hook) /* Copy hook name */ if (hook != NULL) - snprintf(hook, NG_HOOKLEN + 1, "%s", from->sg_data); + strlcpy(hook, from->sg_data, NG_HOOKSIZ); /* Debugging */ if (_gNgDebugLevel >= 2) { @@ -250,14 +250,14 @@ NgRecvData(int ds, u_char * buf, size_t len, char *hook) int NgSendData(int ds, const char *hook, const u_char * buf, size_t len) { - u_char sgbuf[NG_HOOKLEN + sizeof(struct sockaddr_ng)]; + u_char sgbuf[NG_HOOKSIZ + NGSA_OVERHEAD]; struct sockaddr_ng *const sg = (struct sockaddr_ng *) sgbuf; int errnosv; /* Set up destination hook */ sg->sg_family = AF_NETGRAPH; - snprintf(sg->sg_data, NG_HOOKLEN + 1, "%s", hook); - sg->sg_len = strlen(sg->sg_data) + 3; + strlcpy(sg->sg_data, hook, NG_HOOKSIZ); + sg->sg_len = strlen(sg->sg_data) + 1 + NGSA_OVERHEAD; /* Debugging */ if (_gNgDebugLevel >= 2) {