CVS commit: src/sys/net

Michael van Elst Mon, 10 Feb 2020 14:38:39 -0800

Module Name:    src
Committed By:   mlelstv
Date:           Mon Feb 10 22:38:10 UTC 2020


Modified Files:
        src/sys/net: if_pppoe.c

Log Message:
safely extract character sequences from packet for printing.


To generate a diff of this commit:
cvs rdiff -u -r1.148 -r1.149 src/sys/net/if_pppoe.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/if_pppoe.c
diff -u src/sys/net/if_pppoe.c:1.148 src/sys/net/if_pppoe.c:1.149
--- src/sys/net/if_pppoe.c:1.148	Wed Jan 29 04:28:27 2020
+++ src/sys/net/if_pppoe.c	Mon Feb 10 22:38:10 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: if_pppoe.c,v 1.148 2020/01/29 04:28:27 thorpej Exp $ */
+/* $NetBSD: if_pppoe.c,v 1.149 2020/02/10 22:38:10 mlelstv Exp $ */
 
 /*
  * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.148 2020/01/29 04:28:27 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.149 2020/02/10 22:38:10 mlelstv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "pppoe.h"
@@ -558,6 +558,7 @@ pppoe_dispatch_disc_pkt(struct mbuf *m, 
 	const char *err_msg;
 	char devname[IF_NAMESIZE];
 	char *error;
+	size_t dlen;
 	uint8_t *ac_cookie;
 	size_t ac_cookie_len;
 	uint8_t *relay_sid;
@@ -631,7 +632,8 @@ pppoe_dispatch_disc_pkt(struct mbuf *m, 
 			break;	/* ignored */
 		case PPPOE_TAG_ACNAME:
 			if (len > 0) {
-				error = malloc(len + 1, M_TEMP, M_NOWAIT);
+				dlen = 4 * len + 1;
+				error = malloc(dlen, M_TEMP, M_NOWAIT);
 				if (error == NULL)
 					break;
 
@@ -643,7 +645,9 @@ pppoe_dispatch_disc_pkt(struct mbuf *m, 
 					goto done;
 				}
 
-				strlcpy(error, mtod(n, char*) + noff, len + 1);
+				strnvisx(error, dlen,
+				    mtod(n, char*) + noff, len,
+				    VIS_SAFE | VIS_OCTAL);
 				printf("pppoe: connected to %s\n", error);
 				free(error, M_TEMP);
 			}
@@ -704,15 +708,17 @@ pppoe_dispatch_disc_pkt(struct mbuf *m, 
 		if (err_msg) {
 			error = NULL;
 			if (errortag && len) {
-				error = malloc(len + 1, M_TEMP,
+				dlen = 4 * len + 1;
+				error = malloc(dlen, M_TEMP,
 				    M_NOWAIT|M_ZERO);
 				n = m_pulldown(m, off + sizeof(*pt), len,
 				    &noff);
 				if (!n) {
 					m = NULL;
 				} else if (error) {
-					strlcpy(error, mtod(n, char *) + noff,
-					    len + 1);
+					strnvisx(error, dlen,
+					    mtod(n, char*) + noff, len,
+					    VIS_SAFE | VIS_OCTAL);
 				}
 			}
 			if (error) {

CVS commit: src/sys/net

Reply via email to