Module Name: src
Committed By: mlelstv
Date: Mon Feb 10 22:38:10 UTC 2020
Modified Files:
src/sys/net: if_pppoe.c
Log Message:
safely extract character sequences from packet for printing.
To generate a diff of this commit:
cvs rdiff -u -r1.148 -r1.149 src/sys/net/if_pppoe.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/if_pppoe.c
diff -u src/sys/net/if_pppoe.c:1.148 src/sys/net/if_pppoe.c:1.149
--- src/sys/net/if_pppoe.c:1.148 Wed Jan 29 04:28:27 2020
+++ src/sys/net/if_pppoe.c Mon Feb 10 22:38:10 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: if_pppoe.c,v 1.148 2020/01/29 04:28:27 thorpej Exp $ */
+/* $NetBSD: if_pppoe.c,v 1.149 2020/02/10 22:38:10 mlelstv Exp $ */
/*
* Copyright (c) 2002, 2008 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.148 2020/01/29 04:28:27 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.149 2020/02/10 22:38:10 mlelstv Exp $");
#ifdef _KERNEL_OPT
#include "pppoe.h"
@@ -558,6 +558,7 @@ pppoe_dispatch_disc_pkt(struct mbuf *m,
const char *err_msg;
char devname[IF_NAMESIZE];
char *error;
+ size_t dlen;
uint8_t *ac_cookie;
size_t ac_cookie_len;
uint8_t *relay_sid;
@@ -631,7 +632,8 @@ pppoe_dispatch_disc_pkt(struct mbuf *m,
break; /* ignored */
case PPPOE_TAG_ACNAME:
if (len > 0) {
- error = malloc(len + 1, M_TEMP, M_NOWAIT);
+ dlen = 4 * len + 1;
+ error = malloc(dlen, M_TEMP, M_NOWAIT);
if (error == NULL)
break;
@@ -643,7 +645,9 @@ pppoe_dispatch_disc_pkt(struct mbuf *m,
goto done;
}
- strlcpy(error, mtod(n, char*) + noff, len + 1);
+ strnvisx(error, dlen,
+ mtod(n, char*) + noff, len,
+ VIS_SAFE | VIS_OCTAL);
printf("pppoe: connected to %s\n", error);
free(error, M_TEMP);
}
@@ -704,15 +708,17 @@ pppoe_dispatch_disc_pkt(struct mbuf *m,
if (err_msg) {
error = NULL;
if (errortag && len) {
- error = malloc(len + 1, M_TEMP,
+ dlen = 4 * len + 1;
+ error = malloc(dlen, M_TEMP,
M_NOWAIT|M_ZERO);
n = m_pulldown(m, off + sizeof(*pt), len,
&noff);
if (!n) {
m = NULL;
} else if (error) {
- strlcpy(error, mtod(n, char *) + noff,
- len + 1);
+ strnvisx(error, dlen,
+ mtod(n, char*) + noff, len,
+ VIS_SAFE | VIS_OCTAL);
}
}
if (error) {