From a91c39740f9997269193da0d48c103338454d72d Mon Sep 17 00:00:00 2001
From: ru <ru@FreeBSD.org>
Date: Wed, 6 Sep 2006 20:15:43 +0000
Subject: While convenient, avoid using alloca() for reasons specified in the
 BUGS section of the alloca(3) manpage.  In particular, when the number of TCP
 sockets is several tens of thousand, trying to "sysctl -a" would SIGSEGV on
 the net.inet.tcp.pcblist entry (it would exceed the stacksize ulimit, in an
 undetectable manner).

Reported by:	Igor Sysoev
---
 sbin/sysctl/sysctl.c | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

(limited to 'sbin/sysctl')

diff --git a/sbin/sysctl/sysctl.c b/sbin/sysctl/sysctl.c
index 3b40689..73bf68d 100644
--- a/sbin/sysctl/sysctl.c
+++ b/sbin/sysctl/sysctl.c
@@ -541,7 +541,7 @@ oidfmt(int *oid, int len, char *fmt, u_int *kind)
 static int
 show_var(int *oid, int nlen)
 {
-	u_char buf[BUFSIZ], *val, *p;
+	u_char buf[BUFSIZ], *val, *oval, *p;
 	char name[BUFSIZ], *fmt, *sep;
 	int qoid[CTL_MAXNAME+2];
 	int i;
@@ -584,14 +584,21 @@ show_var(int *oid, int nlen)
 	i = sysctl(oid, nlen, 0, &j, 0, 0);
 	j += j; /* we want to be sure :-) */
 
-	val = alloca(j + 1);
+	val = oval = malloc(j + 1);
+	if (val == NULL) {
+		warnx("malloc failed");
+		return (-1);
+	}
 	len = j;
 	i = sysctl(oid, nlen, val, &len, 0, 0);
-	if (i || !len)
+	if (i || !len) {
+		free(oval);
 		return (1);
+	}
 
 	if (bflag) {
 		fwrite(val, 1, len, stdout);
+		free(oval);
 		return (0);
 	}
 	val[len] = '\0';
@@ -603,6 +610,7 @@ show_var(int *oid, int nlen)
 		if (!nflag)
 			printf("%s%s", name, sep);
 		printf("%.*s", len, p);
+		free(oval);
 		return (0);
 
 	case 'I':
@@ -630,6 +638,7 @@ show_var(int *oid, int nlen)
 			len -= sizeof(int);
 			p += sizeof(int);
 		}
+		free(oval);
 		return (0);
 
 	case 'L':
@@ -657,12 +666,14 @@ show_var(int *oid, int nlen)
 			len -= sizeof(long);
 			p += sizeof(long);
 		}
+		free(oval);
 		return (0);
 
 	case 'P':
 		if (!nflag)
 			printf("%s%s", name, sep);
 		printf("%p", *(void **)p);
+		free(oval);
 		return (0);
 
 	case 'T':
@@ -683,12 +694,15 @@ show_var(int *oid, int nlen)
 		if (func) {
 			if (!nflag)
 				printf("%s%s", name, sep);
+			free(oval);
 			return ((*func)(len, p));
 		}
 		/* FALLTHROUGH */
 	default:
-		if (!oflag && !xflag)
+		if (!oflag && !xflag) {
+			free(oval);
 			return (1);
+		}
 		if (!nflag)
 			printf("%s%s", name, sep);
 		printf("Format:%s Length:%d Dump:0x", fmt, len);
@@ -696,8 +710,10 @@ show_var(int *oid, int nlen)
 			printf("%02x", *p++);
 		if (!xflag && len > 16)
 			printf("...");
+		free(oval);
 		return (0);
 	}
+	free(oval);
 	return (1);
 }
 
-- 
cgit v1.1