From 22647093664a33f48caa6dc481ecead248f3e9f1 Mon Sep 17 00:00:00 2001 From: dv Date: Sun, 2 Apr 2023 02:04:10 +0000 Subject: [PATCH] vmd(8): migrate vmd_vm.vm_ttyname to char array. Other structs use a fixed length array already. This allows a vmd_vm object to be transmitted over an ipc channel, too. Additionally, solves a segfault caused by a strlcpy(3) in an error path. ok mlarkin@ --- usr.sbin/vmd/config.c | 6 +++--- usr.sbin/vmd/vmd.c | 13 +++++++------ usr.sbin/vmd/vmd.h | 4 ++-- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/usr.sbin/vmd/config.c b/usr.sbin/vmd/config.c index 922e6cccd65..cc88551b63e 100644 --- a/usr.sbin/vmd/config.c +++ b/usr.sbin/vmd/config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: config.c,v 1.68 2023/02/22 10:04:45 mbuhl Exp $ */ +/* $OpenBSD: config.c,v 1.69 2023/04/02 02:04:10 dv Exp $ */ /* * Copyright (c) 2015 Reyk Floeter @@ -451,10 +451,10 @@ config_setvm(struct privsep *ps, struct vmd_vm *vm, uint32_t peerid, uid_t uid) } /* Open TTY */ - if (vm->vm_ttyname == NULL) { + if (vm->vm_ttyname[0] == '\0') { if (vm_opentty(vm) == -1) { log_warn("%s: can't open tty %s", __func__, - vm->vm_ttyname == NULL ? "" : vm->vm_ttyname); + vm->vm_ttyname[0] == '\0' ? "" : vm->vm_ttyname); goto fail; } } diff --git a/usr.sbin/vmd/vmd.c b/usr.sbin/vmd/vmd.c index f604282ddaf..75af37a29a6 100644 --- a/usr.sbin/vmd/vmd.c +++ b/usr.sbin/vmd/vmd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vmd.c,v 1.138 2023/01/28 14:40:53 dv Exp $ */ +/* $OpenBSD: vmd.c,v 1.139 2023/04/02 02:04:10 dv Exp $ */ /* * Copyright (c) 2015 Reyk Floeter @@ -489,7 +489,7 @@ vmd_dispatch_vmm(int fd, struct privsep_proc *p, struct imsg *imsg) memcpy(&vir, imsg->data, sizeof(vir)); if ((vm = vm_getbyvmid(vir.vir_info.vir_id)) != NULL) { memset(vir.vir_ttyname, 0, sizeof(vir.vir_ttyname)); - if (vm->vm_ttyname != NULL) + if (vm->vm_ttyname[0] != '\0') strlcpy(vir.vir_ttyname, vm->vm_ttyname, sizeof(vir.vir_ttyname)); log_debug("%s: running vm: %d, vm_state: 0x%x", @@ -1789,8 +1789,11 @@ vm_opentty(struct vmd_vm *vm) vm->vm_tty = ptm.cfd; close(ptm.sfd); - if ((vm->vm_ttyname = strdup(ptm.sn)) == NULL) + if (strlcpy(vm->vm_ttyname, ptm.sn, sizeof(vm->vm_ttyname)) + >= sizeof(vm->vm_ttyname)) { + log_warnx("%s: truncated ttyname", __func__); goto fail; + } uid = vm->vm_uid; gid = vm->vm_params.vmc_owner.gid; @@ -1858,8 +1861,7 @@ vm_closetty(struct vmd_vm *vm) close(vm->vm_tty); vm->vm_tty = -1; } - free(vm->vm_ttyname); - vm->vm_ttyname = NULL; + memset(&vm->vm_ttyname, 0, sizeof(vm->vm_ttyname)); } void @@ -1954,4 +1956,3 @@ vm_terminate(struct vmd_vm *vm, const char *caller) vm_remove(vm, caller); } } - diff --git a/usr.sbin/vmd/vmd.h b/usr.sbin/vmd/vmd.h index d04c28fb204..7bbbf62734b 100644 --- a/usr.sbin/vmd/vmd.h +++ b/usr.sbin/vmd/vmd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: vmd.h,v 1.114 2023/01/28 14:40:53 dv Exp $ */ +/* $OpenBSD: vmd.h,v 1.115 2023/04/02 02:04:10 dv Exp $ */ /* * Copyright (c) 2015 Mike Larkin @@ -286,7 +286,7 @@ struct vmd_vm { int vm_cdrom; int vm_disks[VM_MAX_DISKS_PER_VM][VM_MAX_BASE_PER_DISK]; struct vmd_if vm_ifs[VM_MAX_NICS_PER_VM]; - char *vm_ttyname; + char vm_ttyname[VM_TTYNAME_MAX]; int vm_tty; uint32_t vm_peerid; /* When set, VM was defined in a config file */ -- 2.20.1