changeset 13740:836bfdf31fc4
2724 snoop contains few problems with accessing uninitialized data
Reviewed by: Darren Reed <darrenr@fastmail.net>
Reviewed by: Garrett D'Amore <garrett@damore.org>
Approved by: Gordon Ross <gwr@nexenta.com>
author | Milan Jurik <milan.jurik@xylab.cz> |
---|---|
date | Tue, 05 Jun 2012 18:33:58 +0200 |
parents | f6a4c9dc9b80 |
children | 1e57a183c0e9 |
files | usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_capture.c usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_filter.c usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_ip.c usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_pf.c usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_rpcsec.c |
diffstat | 5 files changed, 57 insertions(+), 51 deletions(-) [+] |
--- a/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_capture.c Fri Jun 22 11:22:18 2012 -0400
+++ b/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_capture.c Tue Jun 05 18:33:58 2012 +0200
@@ -21,6 +21,7 @@
 /*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
+ * Copyright 2012 Milan Jurik. All rights reserved.
 */
 #include <stdio.h>
@@ -603,7 +604,8 @@
 {
 struct stat st;
 int cap_vers;
- int *word, device_mac_type;
+ int *word;
+ int device_mac_type = -1;
 int capfile_in;
 capfile_in = open(name, O_RDONLY);
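Review bot: `int device_mac_type = -1;` gives the variable a defined value, but nothing in this hunk shows that -1 is rejected before the value is used. The function opens the capture file named by its caller and its body continues past the hunk, so the later use is not visible here; if header parsing can finish without assigning the variable, -1 would be carried forward as if it were a MAC type read from the file. I would document the sentinel on the declaration, `/* -1: no MAC type read from the capture file yet */`, and confirm that the code after the header parsing treats a remaining -1 as an error.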
--- a/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_filter.c Fri Jun 22 11:22:18 2012 -0400
+++ b/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_filter.c Tue Jun 05 18:33:58 2012 +0200
@@ -21,6 +21,7 @@
 /*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
+ * Copyright 2012 Milan Jurik. All rights reserved.
 */
 #include <stdio.h>
@@ -1049,10 +1050,8 @@
 static void
 compare_value_zone(uint_t offset, uint32_t val)
 {
- int i;
-
- load_const(ntohl(((uint32_t *)&val)[i]));
- load_value(offset + i * 4, 4);
+ load_const(ntohl(val));
+ load_value(offset, 4);
 emitop(OP_EQ);
 }
@@ -1582,6 +1581,9 @@
 }
 }
+ if (hp == NULL)
+ return;
+
 switch (which) {
 case TO:
 addr4offset = IPV4_DSTADDR_OFFSET;
@@ -1600,7 +1602,7 @@
 /*
 * The code below generates the filter.
 */
- if (hp != NULL && hp->h_addrtype == AF_INET) {
+ if (hp->h_addrtype == AF_INET) {
 ethertype_match(interface->network_type_ip);
 emitop(OP_BRFL);
 n = chain(n);
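Review bot: compare_value_zone() has no comment stating the byte order it expects for `val`, and the whole function is visible in this hunk. The new body passes `ntohl(val)` to `load_const()`, which implies callers supply the value in network byte order; with the uninitialised index `i` gone, that is now the only contract the function has. I would add above the definition `/* Emit a 4-byte equality test at offset; val is converted with ntohl() before it is loaded, so pass it in network byte order. */` once the callers have been checked against it.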
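Review bot: The added `if (hp == NULL) return;` at @@ -1582,6 +1581,9 @@ leaves the function without emitting any filter code and without a diagnostic. The enclosing function starts and ends outside the hunk, so whether hp can still be NULL at this point is not visible; if it can, the compiled expression would silently lack the host term and the capture would not match what the operator asked for. I would report the condition before returning, e.g. `pr_err("cannot resolve %s", hostname);` in the style of the pr_err() call visible in the snoop_pf.c hunk (assuming `hostname` is in scope here as it is there). The same silent early return is added in snoop_pf.c at @@ -688,6 +689,9 @@.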
--- a/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_ip.c Fri Jun 22 11:22:18 2012 -0400
+++ b/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_ip.c Tue Jun 05 18:33:58 2012 +0200
@@ -21,6 +21,7 @@
 /*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
+ * Copyright 2012 Milan Jurik. All rights reserved.
 */
 #include <stdio.h>
@@ -1205,7 +1206,7 @@
 * Display Classification Level
 */
 ripso_class = get_pair_byval(ripso_class_tbl, (int)opt[2]);
- if (ripso_class != NULL)
+ if (ripso_class == NULL)
 (void) snprintf(get_line(0, 0), get_line_remain(),
 "Classification = Unknown (0x%02x)", opt[2]);
 else
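Review bot: `opt[2]` is read from the option bytes both for the table lookup and for the "Unknown" message, and no length check on the option is visible in this hunk. The enclosing function starts above the hunk, so the check may already exist there; if it does not, an option shorter than three bytes makes this a read past the option data supplied by the packet. A guard before the lookup such as `if (opt[1] < 3) return;` would cover it, assuming `opt` points at the option type byte so that `opt[1]` is the length field — confirm against the caller.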
--- a/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_pf.c Fri Jun 22 11:22:18 2012 -0400
+++ b/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_pf.c Tue Jun 05 18:33:58 2012 +0200
@@ -21,6 +21,7 @@
 /*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
+ * Copyright 2012 Milan Jurik. All rights reserved.
 */
 #include <stdio.h>
@@ -688,6 +689,9 @@
 pr_err("unknown token type: %s", hostname);
 }
+ if (hp == NULL)
+ return;
+
 switch (which) {
 case TO:
 addr4offset = IPV4_DSTADDR_OFFSET;
@@ -703,7 +707,7 @@
 break;
 }
- if (hp != NULL && hp->h_addrtype == AF_INET) {
+ if (hp->h_addrtype == AF_INET) {
 pf_matchfn("ip");
 if (dl.dl_type == DL_ETHER)
 pf_check_vlan_tag(ENCAP_ETHERTYPE_OFF/2);
@@ -809,9 +813,7 @@
 }
 }
- if (hp != NULL) {
- freehostent(hp);
- }
+ freehostent(hp);
 }
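Review bot: The now-unconditional `freehostent(hp);` at @@ -809,9 +813,7 @@ is only correct if every assignment to hp in this function yields a hostent that freehostent() is allowed to release. The NULL case is covered by the early return added at @@ -688,6 +689,9 @@, but the assignments to hp lie outside the visible hunks, so a path that points hp at a static or caller-owned hostent cannot be ruled out from here and would turn this into an invalid free. After confirming the ownership I would record it at the call: `/* hp is non-NULL here (checked above) and owned by this function */`.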
--- a/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_rpcsec.c Fri Jun 22 11:22:18 2012 -0400 +++ b/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop_rpcsec.c Tue Jun 05 18:33:58 2012 +0200 @@ -22,10 +22,9 @@ /* * Copyright 2005 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * Copyright 2012 Milan Jurik. All rights reserved. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <sys/types.h> #include <sys/errno.h> #include <sys/tiuser.h> @@ -105,15 +104,15 @@ rpcsec_gss_service = getxdr_enum(); (void) sprintf(get_line(pos, getxdr_pos()), - " version = %u", rpcsec_gss_ver); + " version = %u", rpcsec_gss_ver); (void) sprintf(get_line(pos, getxdr_pos()), - " gss control procedure = %u (%s)", - rpcsec_gss_proc, - rpcsec_gss_proc_to_string(rpcsec_gss_proc)); + " gss control procedure = %u (%s)", + rpcsec_gss_proc, + rpcsec_gss_proc_to_string(rpcsec_gss_proc)); (void) sprintf(get_line(pos, getxdr_pos()), - " sequence num = %u", seq_num); + " sequence num = %u", seq_num); (void) sprintf(get_line(pos, getxdr_pos()), " service = %d (%s)", rpcsec_gss_service, @@ -123,7 +122,7 @@ handle = getxdr_hex(handle_len); line = get_line(pos, getxdr_pos()); sprintf(line, " handle: length = %d, data = [%s]", - handle_len, handle); + handle_len, handle); x = find_xid(xid); if (x) { x->xid_gss_proc = rpcsec_gss_proc; @@ -159,11 +158,11 @@ seq = getxdr_u_long(); if (flags & F_ALLSUM) { (void) sprintf(get_sum_line(), "%s %c seq_num = %u", - "RPC RPCSEC_GSS", type == CALL ? 'C' : 'R', - seq); + "RPC RPCSEC_GSS", type == CALL ? 'C' : 'R', + seq); } else if (flags & F_DTAIL) { sprintf(get_line(0, 0), - "RPCSEC_GSS data seq_num = %u", seq); + "RPCSEC_GSS data seq_num = %u", seq); show_space(); } /* call args follow */ 
@@ -178,21 +177,21 @@ } if (flags & F_SUM || flags & F_ALLSUM) { - (void) sprintf(get_sum_line(), - "%s %c %s ver(%d) proc(%d) (data encrypted) ", - "RPC RPCSEC_GSS", type == CALL ? 'C' : 'R', - progname, vers, proc); + (void) sprintf(get_sum_line(), + "%s %c %s ver(%d) proc(%d) (data encrypted) ", + "RPC RPCSEC_GSS", type == CALL ? 'C' : 'R', + progname, vers, proc); } else if (flags & F_DTAIL) { - unsigned int args_len; + unsigned int args_len; - args_len = getxdr_u_long(); - sprintf(get_line(0, 0), - "RPCSEC_GSS %s ver(%d) proc(%d)", - progname, vers, proc); - sprintf(get_line(0, 0), - "(%s args encrypted, len = %d bytes)", - type == CALL ? "CALL" : "REPLY", args_len); - show_space(); + args_len = getxdr_u_long(); + sprintf(get_line(0, 0), + "RPCSEC_GSS %s ver(%d) proc(%d)", + progname, vers, proc); + sprintf(get_line(0, 0), + "(%s args encrypted, len = %d bytes)", + type == CALL ? "CALL" : "REPLY", args_len); + show_space(); } } return (1); @@ -238,7 +237,7 @@ checksum_len = getxdr_u_long(); checksum = getxdr_hex(checksum_len); sprintf(get_line(0, 0), - "checksum: len = %d", checksum_len); + "checksum: len = %d", checksum_len); sprintf(get_line(0, 0), "[%s]", checksum); show_trailer(); } @@ -266,10 +265,10 @@ if (flags & F_SUM) { if (type == CALL) { (void) sprintf(get_sum_line(), "%s %c %u (%s)", - "RPC RPCSEC_GSS", - type == CALL ? 'C' : 'R', - x->xid_gss_proc, - rpcsec_gss_proc_to_string(x->xid_gss_proc)); + "RPC RPCSEC_GSS", + type == CALL ? 'C' : 'R', + x->xid_gss_proc, + rpcsec_gss_proc_to_string(x->xid_gss_proc)); } } else if (flags & F_DTAIL) { if (x->xid_gss_proc == RPCSEC_GSS_INIT || @@ -330,7 +329,7 @@ char *token, *line; unsigned int token_len; - int pos; + int pos = 0; /* * see if we need to print out the rpc_gss_init_arg structure 
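Review bot: `int pos = 0;` at @@ -330,7 +329,7 @@ removes the uninitialised read, but the first `get_line(pos, getxdr_pos())` call in the following hunk (the "RPCSEC_GSS_INIT args:" line) now receives offset 0 rather than the current XDR position. Every later use in these functions sets `pos = getxdr_pos();` just before reading the field it prints, so `int pos = getxdr_pos();` looks like the value that was intended; what get_line() does with its first argument is not visible here, so confirm before changing it. The same initialisation is added at @@ -368,7 +367,7 @@, where the first use of pos lies outside the hunk.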
@@ -338,21 +337,21 @@ */ if (x->xid_gss_proc != RPCSEC_GSS_INIT && - x->xid_gss_proc != RPCSEC_GSS_CONTINUE_INIT) { + x->xid_gss_proc != RPCSEC_GSS_CONTINUE_INIT) { return; } /* print it */ (void) sprintf(get_line(pos, getxdr_pos()), - "RPCSEC_GSS_INIT args:"); + "RPCSEC_GSS_INIT args:"); pos = getxdr_pos(); token_len = getxdr_u_long(); token = getxdr_hex(token_len); line = get_line(pos, getxdr_pos()); - sprintf(line, " gss token: length = %d, data = [%d bytes]", - token_len, token_len); + sprintf(line, " gss token: length = %d, data = [%d bytes]", + token_len, token_len); show_trailer(); } @@ -368,7 +367,7 @@ unsigned int token_len, handle_len; unsigned int major, minor, seq_window; - int pos; + int pos = 0; struct cache_struct *x; /* print it */ @@ -380,25 +379,25 @@ handle = getxdr_hex(handle_len); line = get_line(pos, getxdr_pos()); sprintf(line, " handle: length = %d, data = [%s]", - handle_len, handle); + handle_len, handle); pos = getxdr_pos(); major = getxdr_u_long(); minor = getxdr_u_long(); seq_window = getxdr_u_long(); (void) sprintf(get_line(pos, getxdr_pos()), - " gss_major status = %u", major); + " gss_major status = %u", major); (void) sprintf(get_line(pos, getxdr_pos()), - " gss_minor status = %u", minor); + " gss_minor status = %u", minor); (void) sprintf(get_line(pos, getxdr_pos()), - " sequence window = %u", seq_window); + " sequence window = %u", seq_window); pos = getxdr_pos(); token_len = getxdr_u_long(); token = getxdr_hex(token_len); line = get_line(pos, getxdr_pos()); sprintf(line, " gss token: length = %d, data = [%d bytes]", - token_len, token_len); + token_len, token_len); show_trailer(); }
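Review bot: The function whose `pos` is initialised at @@ -368,7 +367,7 @@ still formats packet-derived data with unbounded `sprintf()`; its body continues into the next hunk, where the string returned by `getxdr_hex(handle_len)` is written into the line buffer with `%s`. handle_len is not bounded in the visible lines and is presumably read from the packet, so a long handle could overrun the buffer get_line() returns if that buffer is smaller than the formatted text. snoop_ip.c in this same changeset already uses the bounded form, and this call could follow it: `(void) snprintf(line, get_line_remain(), " handle: length = %u, data = [%s]", handle_len, handle);` (`%u` because handle_len is declared `unsigned int`). The identical handle line at @@ -123,7 +122,7 @@ has the same shape.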