d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't directly dereference userland pointer; instead use kernel pointer

Browse Source 
copied in from userspace.  This fixes instant panic when creating CTL LUN
on sparc64.  Not a security problem, since the API is root-only.

Reviewed by:	ken
Sponsored by:	FreeBSD Foundation
This commit is contained in:
Edward Tomasz Napierala 2013-04-02 16:50:50 +00:00
parent a358cf3aec
commit 9eef3375ce
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sys/cam/ctl/ctl_backend_block.c
View File

@ -1658,7 +1658,7 @@ ctl_be_block_create(struct ctl_be_block_softc *softc, struct ctl_lun_req *req)
if (be_lun->ctl_be_lun.lun_type == T_DIRECT) {
for (i = 0; i < req->num_be_args; i++) {
if (strcmp(req->kern_be_args[i].name, "file") == 0) {
if (strcmp(req->kern_be_args[i].kname, "file") == 0) {
file_arg = &req->kern_be_args[i];
break;
}
@ -1673,7 +1673,7 @@ ctl_be_block_create(struct ctl_be_block_softc *softc, struct ctl_lun_req *req)
be_lun->dev_path = malloc(file_arg->vallen, M_CTLBLK,
M_WAITOK | M_ZERO);
strlcpy(be_lun->dev_path, (char *)file_arg->value,
strlcpy(be_lun->dev_path, (char *)file_arg->kvalue,
file_arg->vallen);
retval = ctl_be_block_open(softc, be_lun, req);
@ -1712,7 +1712,7 @@ ctl_be_block_create(struct ctl_be_block_softc *softc, struct ctl_lun_req *req)
* the loop above,
*/
for (i = 0; i < req->num_be_args; i++) {
if (strcmp(req->kern_be_args[i].name, "num_threads") == 0) {
if (strcmp(req->kern_be_args[i].kname, "num_threads") == 0) {
struct ctl_be_arg *thread_arg;
char num_thread_str[16];
int tmp_num_threads;
@ -1720,7 +1720,7 @@ ctl_be_block_create(struct ctl_be_block_softc *softc, struct ctl_lun_req *req)
thread_arg = &req->kern_be_args[i];
strlcpy(num_thread_str, (char *)thread_arg->value,
strlcpy(num_thread_str, (char *)thread_arg->kvalue,
min(thread_arg->vallen,
sizeof(num_thread_str)));