diff options
| author | green <green@FreeBSD.org> | 2000-07-02 08:08:09 +0000 |
|---|---|---|
| committer | green <green@FreeBSD.org> | 2000-07-02 08:08:09 +0000 |
| commit | 9707bc34b009d1e09d192ec84d1ddc8e8693006f (patch) | |
| tree | 176c788b7d732a310aa42a0b4652b645bc735a99 /sys/svr4 | |
| parent | c350a86095dd249ad9e0371c7caaf6a5c52a0260 (diff) | |
| download | FreeBSD-src-9707bc34b009d1e09d192ec84d1ddc8e8693006f.zip FreeBSD-src-9707bc34b009d1e09d192ec84d1ddc8e8693006f.tar.gz | |
Modify ktrace's general I/O tracing, ktrgenio(), to use a struct uio *
instead of a struct iovec * array and int len. Get rid of stupidly trying
to allocate all of the memory and copyin()ing the entire iovec[], and
instead just do the proper VOP_WRITE() in ktrwrite() using a copy of
the struct uio that the syscall originally used.
This solves the DoS which could easily be performed; to work around the
DoS, one could also remove "options KTRACE" from the kernel. This is
a very strong MFC candidate for 4.1.
Found by: art@OpenBSD.org
Diffstat (limited to 'sys/svr4')
| -rw-r--r-- | sys/svr4/svr4_stream.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/sys/svr4/svr4_stream.c b/sys/svr4/svr4_stream.c index a4cd74f..b2cadc9 100644 --- a/sys/svr4/svr4_stream.c +++ b/sys/svr4/svr4_stream.c @@ -159,6 +159,7 @@ svr4_sendit(p, s, mp, flags) struct socket *so; #ifdef KTRACE struct iovec *ktriov = NULL; + struct uio ktruio; #endif error = getsock(p->p_fd, s, &fp); @@ -199,6 +200,7 @@ svr4_sendit(p, s, mp, flags) MALLOC(ktriov, struct iovec *, iovlen, M_TEMP, M_WAITOK); bcopy((caddr_t)auio.uio_iov, (caddr_t)ktriov, iovlen); + ktruio = auio; } #endif len = auio.uio_resid; @@ -216,9 +218,11 @@ svr4_sendit(p, s, mp, flags) p->p_retval[0] = len - auio.uio_resid; #ifdef KTRACE if (ktriov != NULL) { - if (error == 0) - ktrgenio(p->p_tracep, s, UIO_WRITE, - ktriov, p->p_retval[0], error); + if (error == 0) { + ktruio.uio_iov = ktriov; + ktruio.uio_resid = p->p_retval[0]; + ktrgenio(p->p_tracep, s, UIO_WRITE, &ktruio, error); + } FREE(ktriov, M_TEMP); } #endif @@ -246,6 +250,7 @@ svr4_recvit(p, s, mp, namelenp) struct sockaddr *fromsa = 0; #ifdef KTRACE struct iovec *ktriov = NULL; + struct uio ktruio; #endif error = getsock(p->p_fd, s, &fp); @@ -269,6 +274,7 @@ svr4_recvit(p, s, mp, namelenp) MALLOC(ktriov, struct iovec *, iovlen, M_TEMP, M_WAITOK); bcopy((caddr_t)auio.uio_iov, (caddr_t)ktriov, iovlen); + ktruio = auio; } #endif len = auio.uio_resid; @@ -283,9 +289,11 @@ svr4_recvit(p, s, mp, namelenp) } #ifdef KTRACE if (ktriov != NULL) { - if (error == 0) - ktrgenio(p->p_tracep, s, UIO_READ, - ktriov, len - auio.uio_resid, error); + if (error == 0) { + ktruio.uio_iov = ktriov; + ktruio.uio_resid = len - auio.uio_resid; + ktrgenio(p->p_tracep, s, UIO_READ, &ktruio, error); + } FREE(ktriov, M_TEMP); } #endif |
