author | bz <bz@FreeBSD.org> | 2008-12-11 01:04:25 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2008-12-11 01:04:25 +0000 |
commit | e65de9d9824d3b5379b9f57139d753a1d566f921 (patch) | |
tree | e15a64ee7912abf77ac2429c1e74f032748f52b5 | |
parent | da8c897826760d083248a5fc96e280066909c8b7 (diff) | |
Correctly check the number of prison states to not access anything
outside the prison_states array.
When checking if there is a name configured for the prison, check the
first character to not be '\0' instead of checking if the char array
is present, which it always is. Note, that this is different for the
*jailname in the syscall.
Found with: Coverity Prevent(tm)
CID: 4156, 4155
MFC after: 4 weeks (just that I get the mail)
-rw-r--r-- | sys/kern/kern_jail.c | 4 | ||||
-rw-r--r-- | usr.sbin/jexec/jexec.c | 4 | ||||
-rw-r--r-- | usr.sbin/jls/jls.c | 4 |
3 files changed, 6 insertions, 6 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index e4a027c..0059b8f 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -1574,13 +1574,13 @@ DB_SHOW_COMMAND(jails, db_show_jails)
 pr->pr_ip4s, pr->pr_ip6s);
 db_printf("%6s %-29.29s %.74s\n",
 "", pr->pr_host, pr->pr_path);
- if (pr->pr_state < 0 || pr->pr_state > (int)((sizeof(
+ if (pr->pr_state < 0 || pr->pr_state >= (int)((sizeof(
 prison_states) / sizeof(struct prison_state))))
 state = "(bogus)";
 else
 state = prison_states[pr->pr_state].state_name;
 db_printf("%6s %-29.29s %.74s\n",
- "", (pr->pr_name != NULL) ? pr->pr_name : "", state);
+ "", (pr->pr_name[0] != '\0') ? pr->pr_name : "", state);
 db_printf("%6s %-6d\n",
 "", pr->pr_cpuset->cs_id);
 #ifdef INET
diff --git a/usr.sbin/jexec/jexec.c b/usr.sbin/jexec/jexec.c
index 69bc8f0..9d788dd 100644
--- a/usr.sbin/jexec/jexec.c
+++ b/usr.sbin/jexec/jexec.c
@@ -80,13 +80,13 @@ char *lookup_xprison_v3(void *p, char *end, int *id, char *jailname)
 ok = 1;
 /* Jail state and name. */
- if (xp->pr_state < 0 || xp->pr_state >
+ if (xp->pr_state < 0 || xp->pr_state >=
 (int)((sizeof(prison_states) / sizeof(struct prison_state))))
 errx(1, "Invalid jail state.");
 else if (xp->pr_state != PRISON_STATE_ALIVE)
 ok = 0;
 if (jailname != NULL) {
- if (xp->pr_name == NULL)
+ if (xp->pr_name[0] == '\0')
 ok = 0;
 else if (strcmp(jailname, xp->pr_name) != 0)
 ok = 0;
diff --git a/usr.sbin/jls/jls.c b/usr.sbin/jls/jls.c
index 4488c31..5853abc 100644
--- a/usr.sbin/jls/jls.c
+++ b/usr.sbin/jls/jls.c
@@ -86,7 +86,7 @@ char *print_xprison_v3(void *p, char *end, unsigned flags)
 errx(1, "Invalid length for jail");
 xp = (struct xprison *)p;
- if (xp->pr_state < 0 || xp->pr_state > (int)
+ if (xp->pr_state < 0 || xp->pr_state >= (int)
 ((sizeof(prison_states) / sizeof(struct prison_state))))
 state = "(bogus)";
 else
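Review bot: The upper bound of the `pr_state` check in sys/kern/kern_jail.c is still spelled out by hand as `sizeof(prison_states) / sizeof(struct prison_state)`, and the same expression is repeated in the jexec.c and jls.c hunks, so the off-by-one had to be fixed in three separate copies. Dividing by `sizeof(prison_states[0])` would keep the count tied to the array rather than to a type name. A single count macro beside the array's declaration, for example `#define PRISON_STATES_COUNT (sizeof(prison_states) / sizeof(prison_states[0]))` (name constructed for this note), would leave one comparison to get right. A short comment at the check, such as `/* pr_state indexes prison_states[]; reject anything outside it. */`, would also record why the bound matters. The DB_SHOW_COMMAND body starts and ends outside the hunk.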
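Review bot: In usr.sbin/jexec/jexec.c, `strcmp(jailname, xp->pr_name)` still depends on `pr_name` holding a NUL somewhere inside its array; the new `xp->pr_name[0] == '\0'` test only covers the empty-name case. The hunk does not show how `xp` is obtained, but the signature takes a raw `void *p` bounded by `end`, so termination is presumably a property of whatever produced that buffer rather than something checked here. If that guarantee is not documented, a guard before the compare, for example `if (memchr(xp->pr_name, '\0', sizeof(xp->pr_name)) == NULL) errx(1, "Invalid jail name.");` (message text constructed for this note), keeps the read inside the field. lookup_xprison_v3 begins and ends outside the hunk.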
@@ -110,7 +110,7 @@ char *print_xprison_v3(void *p, char *end, unsigned flags)
 /* Jail state and name. */
 if (flags & FLAG_V)
 printf("%6s %-29.29s %.74s\n",
- "", (xp->pr_name != NULL) ? xp->pr_name : "", state);
+ "", (xp->pr_name[0] != '\0') ? xp->pr_name : "", state);
 /* cpusetid. */
 if (flags & FLAG_V) |
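Review bot: The conditional `(xp->pr_name[0] != '\0') ? xp->pr_name : ""` in the verbose `printf` is redundant now that `pr_name` is treated as an array. An empty `pr_name` already prints as an empty string under `%-29.29s`, so both branches produce the same output. The argument could simply be `xp->pr_name`, and the same applies to the `db_printf` call in the kern_jail.c hunk. If the ternary is kept for readability, a comment such as `/* pr_name is an array; empty means no name configured. */` would explain why it is not a NULL test. print_xprison_v3 begins and ends outside the hunk.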