svn commit: r360388 - head/sys/dev/iscsi_initiator

Mon, 27 Apr 2020 11:05:47 -0700 

Author: jhb
Date: Mon Apr 27 18:04:42 2020
New Revision: 360388
URL: https://svnweb.freebsd.org/changeset/base/360388

Log:
  Don't run strcmp() against strings stored in user memory.
  
  Instead, copy the strings into a temporary buffer on the stack and
  run strcmp on the copies.
  
  Reviewed by:  brooks, kib
  Obtained from:        CheriBSD
  MFC after:    1 week
  Sponsored by: DARPA
  Differential Revision:        https://reviews.freebsd.org/D24567

Modified:
  head/sys/dev/iscsi_initiator/isc_subr.c

Modified: head/sys/dev/iscsi_initiator/isc_subr.c
==============================================================================
--- head/sys/dev/iscsi_initiator/isc_subr.c     Mon Apr 27 17:55:40 2020        
(r360387)
+++ head/sys/dev/iscsi_initiator/isc_subr.c     Mon Apr 27 18:04:42 2020        
(r360388)
@@ -97,6 +97,9 @@ i_crc32c(const void *buf, size_t size, uint32_t crc)
 int
 i_setopt(isc_session_t *sp, isc_opt_t *opt)
 {
+     char buf[16];
+     int error;
+
      if(opt->maxRecvDataSegmentLength > 0) {
          sp->opt.maxRecvDataSegmentLength = opt->maxRecvDataSegmentLength;
          sdebug(2, "maxRecvDataSegmentLength=%d", 
sp->opt.maxRecvDataSegmentLength);
@@ -138,15 +141,21 @@ i_setopt(isc_session_t *sp, isc_opt_t *opt)
      }
 
      if(opt->headerDigest != NULL) {
-         sdebug(2, "opt.headerDigest='%s'", opt->headerDigest);
-         if(strcmp(opt->headerDigest, "CRC32C") == 0) {
+         error = copyinstr(opt->headerDigest, buf, sizeof(buf), NULL);
+         if (error != 0)
+              return (error);
+         sdebug(2, "opt.headerDigest='%s'", buf);
+         if(strcmp(buf, "CRC32C") == 0) {
               sp->hdrDigest = (digest_t *)i_crc32c;
               sdebug(2, "opt.headerDigest set");
          }
      }
      if(opt->dataDigest != NULL) {
-         sdebug(2, "opt.dataDigest='%s'", opt->headerDigest);
-         if(strcmp(opt->dataDigest, "CRC32C") == 0) {
+         error = copyinstr(opt->dataDigest, buf, sizeof(buf), NULL);
+         if (error != 0)
+              return (error);
+         sdebug(2, "opt.dataDigest='%s'", opt->dataDigest);
+         if(strcmp(buf, "CRC32C") == 0) {
               sp->dataDigest = (digest_t *)i_crc32c;
               sdebug(2, "opt.dataDigest set");
          }
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to