X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/eb6b6ca394357805f2bdba989abae309f718b4d8..f427ee49d309d8fc33ebf3042c3a775f2f530ded:/bsd/net/net_str_id.c?ds=inline diff --git a/bsd/net/net_str_id.c b/bsd/net/net_str_id.c index 637006974..a9688c076 100644 --- a/bsd/net/net_str_id.c +++ b/bsd/net/net_str_id.c @@ -28,7 +28,7 @@ #include #include -#include +#include #include #include #include @@ -41,6 +41,7 @@ #include "net/net_str_id.h" +#define NET_ID_STR_MAX_LEN 2048 #define NET_ID_STR_ENTRY_SIZE(__str) \ (__builtin_offsetof(struct net_str_id_entry, nsi_string[0]) + \ strlen(__str) + 1) @@ -96,8 +97,8 @@ net_str_id_first_last(u_int32_t *first, u_int32_t *last, u_int32_t kind) } __private_extern__ errno_t -net_str_id_find_internal(const char *string, u_int32_t *out_id, - u_int32_t kind, int create) +net_str_id_find_internal(const char *string, u_int32_t *out_id, + u_int32_t kind, int create) { struct net_str_id_entry *entry = NULL; @@ -105,6 +106,9 @@ net_str_id_find_internal(const char *string, u_int32_t *out_id, if (string == NULL || out_id == NULL || kind >= NSI_MAX_KIND) { return EINVAL; } + if (strlen(string) > NET_ID_STR_MAX_LEN) { + return EINVAL; + } *out_id = 0; @@ -122,7 +126,8 @@ net_str_id_find_internal(const char *string, u_int32_t *out_id, return ENOENT; } - entry = kalloc(NET_ID_STR_ENTRY_SIZE(string)); + entry = zalloc_permanent(NET_ID_STR_ENTRY_SIZE(string), + ZALIGN_PTR); if (entry == NULL) { lck_mtx_unlock(net_str_id_lock); return ENOMEM; @@ -174,7 +179,11 @@ sysctl_if_family_ids SYSCTL_HANDLER_ARGS /* XXX bad syntax! */ continue; } - str_size = strlen(entry->nsi_string) + 1; + str_size = strlen(entry->nsi_string); + if (str_size > NET_ID_STR_MAX_LEN) { + str_size = NET_ID_STR_MAX_LEN; + } + str_size += 1; // make room for end-of-string iffmid_size = ROUNDUP32(offsetof(struct net_str_id_entry, nsi_string) + str_size); if (iffmid_size > max_size) { @@ -191,7 +200,7 @@ sysctl_if_family_ids SYSCTL_HANDLER_ARGS /* XXX bad syntax! */ } bzero(iffmid, iffmid_size); - iffmid->iffmid_len = iffmid_size; + iffmid->iffmid_len = (uint32_t)iffmid_size; iffmid->iffmid_id = entry->nsi_id; strlcpy(iffmid->iffmid_str, entry->nsi_string, str_size); error = SYSCTL_OUT(req, iffmid, iffmid_size);