diff options
author | alfred <alfred@FreeBSD.org> | 2010-04-30 03:15:00 +0000 |
---|---|---|
committer | alfred <alfred@FreeBSD.org> | 2010-04-30 03:15:00 +0000 |
commit | 12d5232340181b7d414b4b9204f9fdc091f11e30 (patch) | |
tree | 249fc8841c9e6352a3dbb1dd89fc47993ca370f3 /sys/kern/kern_sig.c | |
parent | 993bf6ff365b34234950ca83a90ffc5c04d5ca1a (diff) | |
download | FreeBSD-src-12d5232340181b7d414b4b9204f9fdc091f11e30.zip FreeBSD-src-12d5232340181b7d414b4b9204f9fdc091f11e30.tar.gz |
Avoid allocating MAXHOSTNAMELEN bytes on the stack in expand_name(),
use the heap instead.
Obtained from: Juniper Networks
Reviewed by: jhb
Diffstat (limited to 'sys/kern/kern_sig.c')
-rw-r--r-- | sys/kern/kern_sig.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c index 706433d..789bb61 100644 --- a/sys/kern/kern_sig.c +++ b/sys/kern/kern_sig.c @@ -3004,8 +3004,9 @@ expand_name(const char *name, uid_t uid, pid_t pid, struct thread *td, char *temp; size_t i; int indexpos; - char hostname[MAXHOSTNAMELEN]; + char *hostname; + hostname = NULL; format = corefilename; temp = malloc(MAXPATHLEN, M_TEMP, M_NOWAIT | M_ZERO); if (temp == NULL) @@ -3021,8 +3022,21 @@ expand_name(const char *name, uid_t uid, pid_t pid, struct thread *td, sbuf_putc(&sb, '%'); break; case 'H': /* hostname */ + if (hostname == NULL) { + hostname = malloc(MAXHOSTNAMELEN, + M_TEMP, M_NOWAIT); + if (hostname == NULL) { + log(LOG_ERR, + "pid %ld (%s), uid (%lu): " + "unable to alloc memory " + "for corefile hostname\n", + (long)pid, name, + (u_long)uid); + goto nomem; + } + } getcredhostname(td->td_ucred, hostname, - sizeof(hostname)); + MAXHOSTNAMELEN); sbuf_printf(&sb, "%s", hostname); break; case 'I': /* autoincrementing index */ @@ -3048,15 +3062,17 @@ expand_name(const char *name, uid_t uid, pid_t pid, struct thread *td, sbuf_putc(&sb, format[i]); } } + free(hostname, M_TEMP); #ifdef COMPRESS_USER_CORES if (compress) { sbuf_printf(&sb, GZ_SUFFIX); } #endif if (sbuf_overflowed(&sb)) { - sbuf_delete(&sb); log(LOG_ERR, "pid %ld (%s), uid (%lu): corename is too " "long\n", (long)pid, name, (u_long)uid); +nomem: + sbuf_delete(&sb); free(temp, M_TEMP); return (NULL); } |