From fd86d88034ee7491e7e2971fe699581d3641dab0 Mon Sep 17 00:00:00 2001 From: Alexander Motin Date: Sun, 26 Oct 2014 15:28:07 +0000 Subject: [PATCH] Fix printing non-terminated strings in devlist XML. MFC after: 1 week --- sys/cam/ctl/ctl.c | 12 ++++++++---- sys/cam/ctl/ctl.h | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/sys/cam/ctl/ctl.c b/sys/cam/ctl/ctl.c index ffe2739e666..6206a155695 100644 --- a/sys/cam/ctl/ctl.c +++ b/sys/cam/ctl/ctl.c @@ -2200,13 +2200,14 @@ ctl_copyout_args(int num_args, struct ctl_be_arg *args) * Escape characters that are illegal or not recommended in XML. */ int -ctl_sbuf_printf_esc(struct sbuf *sb, char *str) +ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size) { + char *end = str + size; int retval; retval = 0; - for (; *str; str++) { + for (; *str && str < end; str++) { switch (*str) { case '&': retval = sbuf_printf(sb, "&"); @@ -3198,7 +3199,8 @@ ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, break; retval = ctl_sbuf_printf_esc(sb, - lun->be_lun->serial_num); + lun->be_lun->serial_num, + sizeof(lun->be_lun->serial_num)); if (retval != 0) break; @@ -3213,7 +3215,9 @@ ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, if (retval != 0) break; - retval = ctl_sbuf_printf_esc(sb,lun->be_lun->device_id); + retval = ctl_sbuf_printf_esc(sb, + lun->be_lun->device_id, + sizeof(lun->be_lun->device_id)); if (retval != 0) break; diff --git a/sys/cam/ctl/ctl.h b/sys/cam/ctl/ctl.h index 9c7b04b90b2..a9de2652727 100644 --- a/sys/cam/ctl/ctl.h +++ b/sys/cam/ctl/ctl.h @@ -156,7 +156,7 @@ int ctl_port_list(struct ctl_port_entry *entries, int num_entries_alloced, * Put a string into an sbuf, escaping characters that are illegal or not * recommended in XML. Note this doesn't escape everything, just > < and &. */ -int ctl_sbuf_printf_esc(struct sbuf *sb, char *str); +int ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size); int ctl_ffz(uint32_t *mask, uint32_t size); int ctl_set_mask(uint32_t *mask, uint32_t bit);