Module Name: src Committed By: mlelstv Date: Mon Feb 10 22:38:10 UTC 2020
Modified Files: src/sys/net: if_pppoe.c Log Message: safely extract character sequences from packet for printing. To generate a diff of this commit: cvs rdiff -u -r1.148 -r1.149 src/sys/net/if_pppoe.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/net/if_pppoe.c diff -u src/sys/net/if_pppoe.c:1.148 src/sys/net/if_pppoe.c:1.149 --- src/sys/net/if_pppoe.c:1.148 Wed Jan 29 04:28:27 2020 +++ src/sys/net/if_pppoe.c Mon Feb 10 22:38:10 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: if_pppoe.c,v 1.148 2020/01/29 04:28:27 thorpej Exp $ */ +/* $NetBSD: if_pppoe.c,v 1.149 2020/02/10 22:38:10 mlelstv Exp $ */ /* * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.148 2020/01/29 04:28:27 thorpej Exp $"); +__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.149 2020/02/10 22:38:10 mlelstv Exp $"); #ifdef _KERNEL_OPT #include "pppoe.h" @@ -558,6 +558,7 @@ pppoe_dispatch_disc_pkt(struct mbuf *m, const char *err_msg; char devname[IF_NAMESIZE]; char *error; + size_t dlen; uint8_t *ac_cookie; size_t ac_cookie_len; uint8_t *relay_sid; @@ -631,7 +632,8 @@ pppoe_dispatch_disc_pkt(struct mbuf *m, break; /* ignored */ case PPPOE_TAG_ACNAME: if (len > 0) { - error = malloc(len + 1, M_TEMP, M_NOWAIT); + dlen = 4 * len + 1; + error = malloc(dlen, M_TEMP, M_NOWAIT); if (error == NULL) break; @@ -643,7 +645,9 @@ pppoe_dispatch_disc_pkt(struct mbuf *m, goto done; } - strlcpy(error, mtod(n, char*) + noff, len + 1); + strnvisx(error, dlen, + mtod(n, char*) + noff, len, + VIS_SAFE | VIS_OCTAL); printf("pppoe: connected to %s\n", error); free(error, M_TEMP); } @@ -704,15 +708,17 @@ pppoe_dispatch_disc_pkt(struct mbuf *m, if (err_msg) { error = NULL; if (errortag && len) { - error = malloc(len + 1, M_TEMP, + dlen = 4 * len + 1; + error = malloc(dlen, M_TEMP, M_NOWAIT|M_ZERO); n = m_pulldown(m, off + sizeof(*pt), len, &noff); if (!n) { m = NULL; } else if (error) { - strlcpy(error, mtod(n, char *) + noff, - len + 1); + strnvisx(error, dlen, + mtod(n, char*) + noff, len, + VIS_SAFE | VIS_OCTAL); } } if (error) {