From f366a4aadf28f389a29d65d4ae42b4e84bc63720 Mon Sep 17 00:00:00 2001 From: kib Date: Tue, 4 Dec 2012 20:49:04 +0000 Subject: [PATCH] Do not allocate buffer of the 255 bytes length on the stack. Reported and tested by: sig6247@gmail.com MFC after: 1 week --- sys/kern/vfs_mountroot.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/sys/kern/vfs_mountroot.c b/sys/kern/vfs_mountroot.c index 83948f24e669d6..147926e3e1c1f2 100644 --- a/sys/kern/vfs_mountroot.c +++ b/sys/kern/vfs_mountroot.c @@ -672,10 +672,11 @@ parse_mount_dev_present(const char *dev) return (error != 0) ? 0 : 1; } +#define ERRMSGL 255 static int parse_mount(char **conf) { - char errmsg[255]; + char *errmsg; struct mntarg *ma; char *dev, *fs, *opts, *tok; int delay, error, timeout; @@ -707,7 +708,7 @@ parse_mount(char **conf) printf("Trying to mount root from %s:%s [%s]...\n", fs, dev, (opts != NULL) ? opts : ""); - bzero(errmsg, sizeof(errmsg)); + errmsg = malloc(ERRMSGL, M_TEMP, M_WAITOK | M_ZERO); if (vfs_byname(fs) == NULL) { strlcpy(errmsg, "unknown file system", sizeof(errmsg)); @@ -734,7 +735,7 @@ parse_mount(char **conf) ma = mount_arg(ma, "fstype", fs, -1); ma = mount_arg(ma, "fspath", "/", -1); ma = mount_arg(ma, "from", dev, -1); - ma = mount_arg(ma, "errmsg", errmsg, sizeof(errmsg)); + ma = mount_arg(ma, "errmsg", errmsg, ERRMSGL); ma = mount_arg(ma, "ro", NULL, 0); ma = parse_mountroot_options(ma, opts); error = kernel_mount(ma, MNT_ROOTFS); @@ -748,11 +749,13 @@ parse_mount(char **conf) printf(".\n"); } free(fs, M_TEMP); + free(errmsg, M_TEMP); if (opts != NULL) free(opts, M_TEMP); /* kernel_mount can return -1 on error. */ return ((error < 0) ? EDOOFUS : error); } +#undef ERRMSGL static int vfs_mountroot_parse(struct sbuf *sb, struct mount *mpdevfs)