author | Milan Jurik <Milan.Jurik@Sun.COM> | 2009-02-19 09:55:01 +0000 |
---|---|---|
committer | Milan Jurik <Milan.Jurik@Sun.COM> | 2009-02-19 09:55:01 +0000 |
commit | f3f093f5e1252df53faccba99cf6d2295d6d0d58 (patch) | |
tree | b0cf530d853b4a3f51a17b7b064533f2554c2528 | |
parent | edabaf6ffacd63543916397cd0987024b1f1e1de (diff) | |
download | illumos-gate-f3f093f5e1252df53faccba99cf6d2295d6d0d58.tar.gz |
6641048 raidctl -lg suffers from off-by-one errors for vendor id and product id fields
6805377 raidctl uses snprintf() improperly, possibly causing bad memory access
-rw-r--r-- | usr/src/cmd/raidctl/raidctl.c | 23 | ||||
-rw-r--r-- | usr/src/lib/libraidcfg/common/raidcfg_spi.h | 4 |
2 files changed, 16 insertions, 11 deletions
diff --git a/usr/src/cmd/raidctl/raidctl.c b/usr/src/cmd/raidctl/raidctl.c
index f9b96e513f..c17df40932 100644
--- a/usr/src/cmd/raidctl/raidctl.c
+++ b/usr/src/cmd/raidctl/raidctl.c
@@ -19,7 +19,7 @@
 * CDDL HEADER END
 *
 *
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 *
 * raidctl.c is the entry file of RAID configuration utility.
@@ -2014,8 +2014,8 @@ print_disk_table(raid_obj_handle_t ctl_handle, raid_obj_handle_t disk_handle)
 }
 
 /* Print header */
- (void) fprintf(stdout, gettext("Disk\tVendor\tProduct\t\tFirmware\t"
- "Capacity\tStatus\tHSP"));
+ (void) fprintf(stdout, gettext("Disk\tVendor Product "
+ "Firmware\tCapacity\tStatus\tHSP"));
 (void) fprintf(stdout, "\n");
 (void) fprintf(stdout, "--------------------------------------");
 (void) fprintf(stdout, "--------------------------------------");
@@ -2241,8 +2241,8 @@ static int
 print_disk_attr(raid_obj_handle_t ctl_handle, raid_obj_handle_t disk_handle,
 raidcfg_disk_t *attrp)
 {
- char vendor[DISK_VENDER_LEN];
- char product[DISK_PRODUCT_LEN];
+ char vendor[DISK_VENDER_LEN + 1];
+ char product[DISK_PRODUCT_LEN + 1];
 char revision[DISK_REV_LEN + 1];
 char capacity[16];
 char hsp[16];
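Review bot: The column positions of the new header in print_disk_table() are carried by literal spaces inside the `gettext()` message, so header and rows only line up while a translated string keeps exactly the padding that matches the `%-9s` and `%-17s` formats in print_disk_attr(). A comment above the call would make that dependency visible, for example `/* Vendor/Product column widths must match the %-9s and %-17s in print_disk_attr() */`. The message id also changes, so catalog entries for the old header will no longer match, which is presumably intended. print_disk_table() starts and ends outside this hunk.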
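Review bot: The `+ 1` added to `vendor` and `product` is correct only while `DISK_VENDER_LEN` and `DISK_PRODUCT_LEN` are also the declared sizes of the source fields, which this hunk has to take on trust. Sizing the locals from the fields themselves, `char vendor[sizeof (attrp->vendorid) + 1];` and `char product[sizeof (attrp->productid) + 1];`, keeps each buffer tied to the struct it is filled from. The `memccpy()` lengths and terminator indexes in the next raidctl.c hunk could then use `sizeof (vendor) - 1` and `sizeof (product) - 1` in the same way. The body of print_disk_attr() continues outside this hunk.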
@@ -2257,13 +2257,16 @@ print_disk_attr(raid_obj_handle_t ctl_handle, raid_obj_handle_t disk_handle,
 return (FAILURE);
 }
 
- (void) snprintf(vendor, sizeof (vendor), "%s", attrp->vendorid);
- (void) printf("%s\t", vendor);
+ (void) memccpy(vendor, attrp->vendorid, '\0', DISK_VENDER_LEN);
+ vendor[DISK_VENDER_LEN] = '\0';
+ (void) printf("%-9s", vendor);
 
- (void) snprintf(product, sizeof (product), "%s", attrp->productid);
- (void) printf("%s\t", product);
+ (void) memccpy(product, attrp->productid, '\0', DISK_PRODUCT_LEN);
+ product[DISK_PRODUCT_LEN] = '\0';
+ (void) printf("%-17s", product);
 
- (void) snprintf(revision, sizeof (revision), "%s", attrp->revision);
+ (void) memccpy(revision, attrp->revision, '\0', DISK_REV_LEN);
+ revision[DISK_REV_LEN] = '\0';
 (void) printf("%s\t\t", revision);
 
 if (attrp->capacity != MAX64BIT) {
diff --git a/usr/src/lib/libraidcfg/common/raidcfg_spi.h b/usr/src/lib/libraidcfg/common/raidcfg_spi.h
index 8b787c316f..fe2f3209be 100644
--- a/usr/src/lib/libraidcfg/common/raidcfg_spi.h
+++ b/usr/src/lib/libraidcfg/common/raidcfg_spi.h
@@ -20,7 +20,7 @@
 */
 
 /*
- * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
 
@@ -293,6 +293,8 @@ typedef struct {
 uint32_t state;
 disk_tag_t tag;
 uint64_t capacity;
+
+ /* ASCII data not terminated by null */
 char vendorid[DISK_VENDER_LEN];
 char productid[DISK_PRODUCT_LEN];
 char revision[DISK_REV_LEN];
|
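Review bot: The bytes copied by the three `memccpy()` calls still go to stdout unfiltered in the `printf()` that follows each one, even though the copy itself is now correctly bounded. The header describes these fields only as ASCII that is not NUL-terminated; if they are filled from data the controller or disk reports (not visible in this diff), a control or escape byte in a vendor, product or revision string would reach the operator's terminal or any log that captures the output. A small copy helper that stops at the field length and replaces non-printable bytes would cover all three call sites; it needs `<ctype.h>` if raidctl.c does not already include it. print_disk_attr() starts and ends outside this hunk.

```c
/* Copy a fixed-width, possibly unterminated field; mask non-printable bytes. */
static void
copy_disk_field(char *dst, const char *src, size_t len)
{
	size_t i;

	for (i = 0; i < len && src[i] != '\0'; i++)
		dst[i] = isprint((unsigned char)src[i]) ? src[i] : '?';
	dst[i] = '\0';
}

/* ... unchanged: attribute lookup and FAILURE return in print_disk_attr() ... */
	copy_disk_field(vendor, attrp->vendorid, DISK_VENDER_LEN);
	(void) printf("%-9s", vendor);

	copy_disk_field(product, attrp->productid, DISK_PRODUCT_LEN);
	(void) printf("%-17s", product);

	copy_disk_field(revision, attrp->revision, DISK_REV_LEN);
	(void) printf("%s\t\t", revision);
```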
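Review bot: The comment added in raidcfg_spi.h does not say which members it covers or what a reader has to do about it. It sits after a blank line above `vendorid`, and only the field names suggest that it also applies to `productid` and `revision`. Since this commit exists because a consumer treated these arrays as C strings, spelling the contract out would help the next caller: `/* vendorid, productid and revision are fixed-width ASCII and are NOT NUL-terminated; bound every read by the DISK_*_LEN size */`. Other readers of this struct are not visible here and may deserve the same check; the typedef starts and ends outside this hunk.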