From root@ns.webtt.biz  Mon Sep 22 07:10:20 2003
Return-Path: <root@ns.webtt.biz>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 418A016A4B3
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 22 Sep 2003 07:10:20 -0700 (PDT)
Received: from ns.webtt.biz (ns.webtt.biz [64.239.29.225])
	by mx1.FreeBSD.org (Postfix) with SMTP id 4FD844400D
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 22 Sep 2003 07:10:19 -0700 (PDT)
	(envelope-from root@ns.webtt.biz)
Received: (qmail 24408 invoked by uid 0); 22 Sep 2003 14:12:25 -0000
Message-Id: <20030922141225.24407.qmail@ns.webtt.biz>
Date: 22 Sep 2003 14:12:25 -0000
From: Rui Lopes <rui@ruilopes.com>
Reply-To: Rui Lopes <rui@ruilopes.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] for a possible fd leak in libcam.c
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         57088
>Category:       bin
>Synopsis:       [cam] [patch] for a possible fd leak in libcam.c
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    jh
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 22 07:20:11 PDT 2003
>Closed-Date:    Sat Mar 03 09:31:14 UTC 2012
>Last-Modified:  Sun Apr  1 08:50:05 UTC 2012
>Originator:     Rui Lopes
>Release:        FreeBSD 5.1-RELEASE-p5 i386
>Organization:
>Environment:
System: FreeBSD disty 5.1-RELEASE-p5 FreeBSD 5.1-RELEASE-p5 #2: Mon Sep 22 12:24:38 WEST 2003 root@disty:/usr/obj/usr/src/sys/DEBUGGER i386


	
>Description:
	
* Fixes one possible FD leak.
* Fixes some buffer overrun.
  NOTE: The others sprintf seem inoffensive, because we control what we place
        in the buffer, so I didn't change them.

>How-To-Repeat:
	
>Fix:

	

--- camlib.c.patch begins here ---
# * Fixes one possible FD leak.
# * Fixes some buffer overrun.
# -- Rui Lopes <rui@ruilopes.com>
--- camlib.c.orig	Mon Sep 22 14:24:52 2003
+++ camlib.c	Mon Sep 22 14:51:02 2003
@@ -388,8 +388,9 @@
 			   PERIPH_MATCH_LUN | PERIPH_MATCH_NAME;
 
 	if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) {
-		sprintf(cam_errbuf, "%s: CAMIOCOMMAND ioctl failed\n"
-			"%s: %s", func_name, func_name, strerror(errno));
+		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
+			 "%s: CAMIOCOMMAND ioctl failed\n%s: %s", func_name,
+			 func_name, strerror(errno));
 		goto btl_bailout;
 	}
 
@@ -515,6 +516,7 @@
 			 "%s: %s%s", func_name, func_name, strerror(errno),
 			 (errno == ENOENT) ? tmpstr : "");
 
+		close(fd);
 		return(NULL);
 	}
 
@@ -527,8 +529,9 @@
 	 * the device the user gave us.
 	 */
 	if (ccb.cgdl.status == CAM_GDEVLIST_ERROR) {
-		sprintf(cam_errbuf, "%s: device %s%d does not exist",
-			func_name, dev_name, unit);
+		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
+			 "%s: device %s%d does not exist", func_name, dev_name,
+			 unit);
 		return(NULL);
 	}
 
@@ -558,9 +561,9 @@
 	if (device == NULL) {
 		if ((device = (struct cam_device *)malloc(
 		     sizeof(struct cam_device))) == NULL) {
-			sprintf(cam_errbuf, "%s: device structure malloc"
-				" failed\n%s: %s", func_name, func_name,
-				strerror(errno));
+			snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
+				 "%s: device structure malloc failed\n%s: %s",
+				 func_name, func_name, strerror(errno));
 			return(NULL);
 		}
 		device->fd = -1;
@@ -616,8 +619,9 @@
 		 * because we just opened it above.  The only way this
 		 * ioctl can fail is if the ccb size is wrong.
 		 */
-		sprintf(cam_errbuf, "%s: CAMGETPASSTHRU ioctl failed\n"
-			"%s: %s", func_name, func_name, strerror(errno));
+		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
+			 "%s: CAMGETPASSTHRU ioctl failed\n%s: %s", func_name,
+			 func_name, strerror(errno));
 		goto crod_bailout;
 	}
 
@@ -642,8 +646,9 @@
 
 	ccb.ccb_h.func_code = XPT_PATH_INQ;
 	if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) {
-		sprintf(cam_errbuf, "%s: Path Inquiry CCB failed\n"
-			"%s: %s", func_name, func_name, strerror(errno));
+		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
+			 "%s: Path Inquiry CCB failed\n%s: %s", func_name,
+			 func_name, strerror(errno));
 		goto crod_bailout;
 	}
 	strlcpy(device->sim_name, ccb.cpi.dev_name, sizeof(device->sim_name));
@@ -656,8 +661,9 @@
 	 */
 	ccb.ccb_h.func_code = XPT_GDEV_TYPE;
 	if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) {
-		sprintf(cam_errbuf, "%s: Get Device Type CCB failed\n"
-			"%s: %s", func_name, func_name, strerror(errno));
+		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
+			 "%s: Get Device Type CCB failed\n%s: %s", func_name,
+			 func_name, strerror(errno));
 		goto crod_bailout;
 	}
 	device->pd_type = SID_TYPE(&ccb.cgd.inq_data);
@@ -679,8 +685,9 @@
 	ccb.cts.flags = CCB_TRANS_CURRENT_SETTINGS;
 
 	if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) {
-		sprintf(cam_errbuf, "%s: Get Transfer Settings CCB failed\n"
-			"%s: %s", func_name, func_name, strerror(errno));
+		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
+			 "%s: Get Transfer Settings CCB failed\n%s: %s",
+			 func_name, func_name, strerror(errno));
 		goto crod_bailout;
 	}
 	device->sync_period = ccb.cts.sync_period;
--- camlib.c.patch ends here ---


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->suspended 
State-Changed-By: linimon 
State-Changed-When: Mon Oct 24 17:12:16 GMT 2005 
State-Changed-Why:  
Mark as 'suspended'.  Submitter is not sure if this patch is still 
applicable. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=57088 
State-Changed-From-To: suspended->open 
State-Changed-By: arundel 
State-Changed-When: Thu Oct 28 22:27:36 UTC 2010 
State-Changed-Why:  
The fd leak was fixed in r158171. The possible buffer overruns however still 
exist. 
I'll submit a patch shortly (against HEAD), which will turn all sprintf(3) calls 
in connection with cam_errbuf to snprintf(3) calls. Although this might not be 
necessary in all cases, it should however improve overall robustness of 
camlib.c. 


Responsible-Changed-From-To: freebsd-bugs->freebsd-fs 
Responsible-Changed-By: arundel 
Responsible-Changed-When: Thu Oct 28 22:27:36 UTC 2010 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=57088 

From: Alexander Best <arundel@freebsd.org>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: bin/57088: [cam] [patch] for a possible fd leak in libcam.c
Date: Thu, 28 Oct 2010 23:12:23 +0000

 --WIyZ46R2i8wDzkSu
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 this is the patch i was refering to in my previous note.
 
 cheers.
 alex
 
 -- 
 a13x
 
 --WIyZ46R2i8wDzkSu
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: attachment; filename="camlib.c.diff"
 
 diff --git a/lib/libcam/camlib.c b/lib/libcam/camlib.c
 index 47ca384..ed2d31b 100644
 --- a/lib/libcam/camlib.c
 +++ b/lib/libcam/camlib.c
 @@ -121,7 +121,8 @@ cam_get_device(const char *path, char *dev_name, int devnamelen, int *unit)
  
  
  	if (path == NULL) {
 -		sprintf(cam_errbuf, "%s: device pathname was NULL", func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: device pathname was NULL", func_name);
  		return(-1);
  	}
  
 @@ -143,7 +144,8 @@ cam_get_device(const char *path, char *dev_name, int devnamelen, int *unit)
  	}
  
  	if (*tmpstr == '\0') {
 -		sprintf(cam_errbuf, "%s: no text after slash", func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: no text after slash", func_name);
  		free(newpath);
  		return(-1);
  	}
 @@ -170,9 +172,9 @@ cam_get_device(const char *path, char *dev_name, int devnamelen, int *unit)
  	 * If we only have 1, we don't have a valid device name.
  	 */
  	if (strlen(tmpstr) < 2) {
 -		sprintf(cam_errbuf,
 -			"%s: must have both device name and unit number",
 -			func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: must have both device name and unit number",
 +			 func_name);
  		free(newpath);
  		return(-1);
  	}
 @@ -182,9 +184,9 @@ cam_get_device(const char *path, char *dev_name, int devnamelen, int *unit)
  	 * has probably given us all numbers.  Point out the error.
  	 */
  	if (isdigit(*tmpstr)) {
 -		sprintf(cam_errbuf,
 -			"%s: device name cannot begin with a number",
 -			func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: device name cannot begin with a number",
 +			 func_name);
  		free(newpath);
  		return(-1);
  	}
 @@ -195,8 +197,8 @@ cam_get_device(const char *path, char *dev_name, int devnamelen, int *unit)
  	 * or he gave us a device name/number format we don't recognize.
  	 */
  	if (!isdigit(tmpstr[strlen(tmpstr) - 1])) {
 -		sprintf(cam_errbuf, "%s: unable to find device unit number",
 -			func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: unable to find device unit number", func_name);
  		free(newpath);
  		return(-1);
  	}
 @@ -324,8 +326,9 @@ cam_open_btl(path_id_t path_id, target_id_t target_id, lun_id_t target_lun,
  			   PERIPH_MATCH_LUN | PERIPH_MATCH_NAME;
  
  	if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) {
 -		sprintf(cam_errbuf, "%s: CAMIOCOMMAND ioctl failed\n"
 -			"%s: %s", func_name, func_name, strerror(errno));
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: CAMIOCOMMAND ioctl failed\n"
 +			 "%s: %s", func_name, func_name, strerror(errno));
  		goto btl_bailout;
  	}
  
 @@ -335,23 +338,26 @@ cam_open_btl(path_id_t path_id, target_id_t target_id, lun_id_t target_lun,
  	if ((ccb.ccb_h.status != CAM_REQ_CMP)
  	 || ((ccb.cdm.status != CAM_DEV_MATCH_LAST)
  	   && (ccb.cdm.status != CAM_DEV_MATCH_MORE))) {
 -		sprintf(cam_errbuf, "%s: CAM error %#x, CDM error %d "
 -			"returned from XPT_DEV_MATCH ccb", func_name,
 -			ccb.ccb_h.status, ccb.cdm.status);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: CAM error %#x, CDM error %d "
 +			 "returned from XPT_DEV_MATCH ccb", func_name,
 +			 ccb.ccb_h.status, ccb.cdm.status);
  		goto btl_bailout;
  	}
  
  	if (ccb.cdm.status == CAM_DEV_MATCH_MORE) {
 -		sprintf(cam_errbuf, "%s: CDM reported more than one"
 -			" passthrough device at %d:%d:%d!!\n",
 -			func_name, path_id, target_id, target_lun);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: CDM reported more than one"
 +			 " passthrough device at %d:%d:%d!!\n",
 +			 func_name, path_id, target_id, target_lun);
  		goto btl_bailout;
  	}
  
  	if (ccb.cdm.num_matches == 0) {
 -		sprintf(cam_errbuf, "%s: no passthrough device found at"
 -			" %d:%d:%d", func_name, path_id, target_id,
 -			target_lun);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: no passthrough device found at"
 +			 " %d:%d:%d", func_name, path_id, target_id,
 +			 target_lun);
  		goto btl_bailout;
  	}
  
 @@ -372,8 +378,9 @@ cam_open_btl(path_id_t path_id, target_id_t target_id, lun_id_t target_lun,
  		break; /* NOTREACHED */
  	}
  	default:
 -		sprintf(cam_errbuf, "%s: asked for a peripheral match, but"
 -			" got a bus or device match", func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: asked for a peripheral match, but"
 +			 " got a bus or device match", func_name);
  		goto btl_bailout;
  		break; /* NOTREACHED */
  	}
 @@ -446,7 +453,7 @@ cam_lookup_pass(const char *dev_name, int unit, int flags,
  				 "your kernel\n%s: or %s%d doesn't exist",
  				 func_name, func_name, dev_name, unit);
  		}
 -		snprintf(cam_errbuf, sizeof(cam_errbuf),
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
  			 "%s: CAMGETPASSTHRU ioctl failed\n"
  			 "%s: %s%s", func_name, func_name, strerror(errno),
  			 (errno == ENOENT) ? tmpstr : "");
 @@ -464,8 +471,9 @@ cam_lookup_pass(const char *dev_name, int unit, int flags,
  	 * the device the user gave us.
  	 */
  	if (ccb.cgdl.status == CAM_GDEVLIST_ERROR) {
 -		sprintf(cam_errbuf, "%s: device %s%d does not exist!",
 -			func_name, dev_name, unit);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: device %s%d does not exist!",
 +			 func_name, dev_name, unit);
  		return(NULL);
  	}
  
 @@ -495,9 +503,10 @@ cam_real_open_device(const char *path, int flags, struct cam_device *device,
  	if (device == NULL) {
  		if ((device = (struct cam_device *)malloc(
  		     sizeof(struct cam_device))) == NULL) {
 -			sprintf(cam_errbuf, "%s: device structure malloc"
 -				" failed\n%s: %s", func_name, func_name,
 -				strerror(errno));
 +			snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +				 "%s: device structure malloc"
 +				 " failed\n%s: %s", func_name, func_name,
 +				 strerror(errno));
  			return(NULL);
  		}
  		device->fd = -1;
 @@ -553,8 +562,9 @@ cam_real_open_device(const char *path, int flags, struct cam_device *device,
  		 * because we just opened it above.  The only way this
  		 * ioctl can fail is if the ccb size is wrong.
  		 */
 -		sprintf(cam_errbuf, "%s: CAMGETPASSTHRU ioctl failed\n"
 -			"%s: %s", func_name, func_name, strerror(errno));
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: CAMGETPASSTHRU ioctl failed\n"
 +			 "%s: %s", func_name, func_name, strerror(errno));
  		goto crod_bailout;
  	}
  
 @@ -565,8 +575,8 @@ cam_real_open_device(const char *path, int flags, struct cam_device *device,
  	 * the device the user gave us.
  	 */
  	if (ccb.cgdl.status == CAM_GDEVLIST_ERROR) {
 -		sprintf(cam_errbuf, "%s: passthrough device does not exist!",
 -			func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: passthrough device does not exist!", func_name);
  		goto crod_bailout;
  	}
  
 @@ -579,8 +589,9 @@ cam_real_open_device(const char *path, int flags, struct cam_device *device,
  
  	ccb.ccb_h.func_code = XPT_PATH_INQ;
  	if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) {
 -		sprintf(cam_errbuf, "%s: Path Inquiry CCB failed\n"
 -			"%s: %s", func_name, func_name, strerror(errno));
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: Path Inquiry CCB failed\n"
 +			 "%s: %s", func_name, func_name, strerror(errno));
  		goto crod_bailout;
  	}
  	strlcpy(device->sim_name, ccb.cpi.dev_name, sizeof(device->sim_name));
 @@ -593,8 +604,9 @@ cam_real_open_device(const char *path, int flags, struct cam_device *device,
  	 */
  	ccb.ccb_h.func_code = XPT_GDEV_TYPE;
  	if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) {
 -		sprintf(cam_errbuf, "%s: Get Device Type CCB failed\n"
 -			"%s: %s", func_name, func_name, strerror(errno));
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: Get Device Type CCB failed\n"
 +			 "%s: %s", func_name, func_name, strerror(errno));
  		goto crod_bailout;
  	}
  	device->pd_type = SID_TYPE(&ccb.cgd.inq_data);
 @@ -616,8 +628,9 @@ cam_real_open_device(const char *path, int flags, struct cam_device *device,
  	ccb.cts.type = CTS_TYPE_CURRENT_SETTINGS;
  
  	if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) {
 -		sprintf(cam_errbuf, "%s: Get Transfer Settings CCB failed\n"
 -			"%s: %s", func_name, func_name, strerror(errno));
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: Get Transfer Settings CCB failed\n"
 +			 "%s: %s", func_name, func_name, strerror(errno));
  		goto crod_bailout;
  	}
  	if (ccb.cts.protocol == XPORT_SPI) {
 @@ -696,7 +709,8 @@ cam_device_dup(struct cam_device *device)
  	struct cam_device *newdev;
  
  	if (device == NULL) {
 -		sprintf(cam_errbuf, "%s: device is NULL", func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: device is NULL", func_name);
  		return(NULL);
  	}
  
 @@ -721,14 +735,14 @@ cam_device_copy(struct cam_device *src, struct cam_device *dst)
  	char *func_name = "cam_device_copy";
  
  	if (src == NULL) {
 -		sprintf(cam_errbuf, "%s: source device struct was NULL",
 -			func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: source device struct was NULL", func_name);
  		return;
  	}
  
  	if (dst == NULL) {
 -		sprintf(cam_errbuf, "%s: destination device struct was NULL",
 -			func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: destination device struct was NULL", func_name);
  		return;
  	}
  
 
 --WIyZ46R2i8wDzkSu--
Responsible-Changed-From-To: freebsd-fs->freebsd-scsi 
Responsible-Changed-By: arundel 
Responsible-Changed-When: Fri Oct 29 19:44:28 UTC 2010 
Responsible-Changed-Why:  
Freebsd-scsi@ seems better suited for this PR than freebsd-fs@. Thanks to Jaakko 
Heinonen for pointing this out. ;) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=57088 
Responsible-Changed-From-To: freebsd-scsi->jh 
Responsible-Changed-By: jh 
Responsible-Changed-When: Fri Feb 24 07:22:00 UTC 2012 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=57088 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/57088: commit references a PR
Date: Sat,  3 Mar 2012 09:19:30 +0000 (UTC)

 Author: jh
 Date: Sat Mar  3 09:19:20 2012
 New Revision: 232450
 URL: http://svn.freebsd.org/changeset/base/232450
 
 Log:
   Use snprintf(3) constantly when generating CAM error messages.
   
   PR:		bin/57088
   Submitted by:	Rui Lopes, arundel
   MFC after:	2 weeks
 
 Modified:
   head/lib/libcam/camlib.c
 
 Modified: head/lib/libcam/camlib.c
 ==============================================================================
 --- head/lib/libcam/camlib.c	Sat Mar  3 08:19:18 2012	(r232449)
 +++ head/lib/libcam/camlib.c	Sat Mar  3 09:19:20 2012	(r232450)
 @@ -121,7 +121,8 @@ cam_get_device(const char *path, char *d
  
  
  	if (path == NULL) {
 -		sprintf(cam_errbuf, "%s: device pathname was NULL", func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: device pathname was NULL", func_name);
  		return(-1);
  	}
  
 @@ -143,7 +144,8 @@ cam_get_device(const char *path, char *d
  	}
  
  	if (*tmpstr == '\0') {
 -		sprintf(cam_errbuf, "%s: no text after slash", func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: no text after slash", func_name);
  		free(newpath);
  		return(-1);
  	}
 @@ -170,9 +172,9 @@ cam_get_device(const char *path, char *d
  	 * If we only have 1, we don't have a valid device name.
  	 */
  	if (strlen(tmpstr) < 2) {
 -		sprintf(cam_errbuf,
 -			"%s: must have both device name and unit number",
 -			func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: must have both device name and unit number",
 +			 func_name);
  		free(newpath);
  		return(-1);
  	}
 @@ -182,9 +184,9 @@ cam_get_device(const char *path, char *d
  	 * has probably given us all numbers.  Point out the error.
  	 */
  	if (isdigit(*tmpstr)) {
 -		sprintf(cam_errbuf,
 -			"%s: device name cannot begin with a number",
 -			func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: device name cannot begin with a number",
 +			 func_name);
  		free(newpath);
  		return(-1);
  	}
 @@ -195,8 +197,8 @@ cam_get_device(const char *path, char *d
  	 * or he gave us a device name/number format we don't recognize.
  	 */
  	if (!isdigit(tmpstr[strlen(tmpstr) - 1])) {
 -		sprintf(cam_errbuf, "%s: unable to find device unit number",
 -			func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: unable to find device unit number", func_name);
  		free(newpath);
  		return(-1);
  	}
 @@ -324,8 +326,9 @@ cam_open_btl(path_id_t path_id, target_i
  			   PERIPH_MATCH_LUN | PERIPH_MATCH_NAME;
  
  	if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) {
 -		sprintf(cam_errbuf, "%s: CAMIOCOMMAND ioctl failed\n"
 -			"%s: %s", func_name, func_name, strerror(errno));
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: CAMIOCOMMAND ioctl failed\n"
 +			 "%s: %s", func_name, func_name, strerror(errno));
  		goto btl_bailout;
  	}
  
 @@ -335,23 +338,26 @@ cam_open_btl(path_id_t path_id, target_i
  	if ((ccb.ccb_h.status != CAM_REQ_CMP)
  	 || ((ccb.cdm.status != CAM_DEV_MATCH_LAST)
  	   && (ccb.cdm.status != CAM_DEV_MATCH_MORE))) {
 -		sprintf(cam_errbuf, "%s: CAM error %#x, CDM error %d "
 -			"returned from XPT_DEV_MATCH ccb", func_name,
 -			ccb.ccb_h.status, ccb.cdm.status);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: CAM error %#x, CDM error %d "
 +			 "returned from XPT_DEV_MATCH ccb", func_name,
 +			 ccb.ccb_h.status, ccb.cdm.status);
  		goto btl_bailout;
  	}
  
  	if (ccb.cdm.status == CAM_DEV_MATCH_MORE) {
 -		sprintf(cam_errbuf, "%s: CDM reported more than one"
 -			" passthrough device at %d:%d:%d!!\n",
 -			func_name, path_id, target_id, target_lun);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: CDM reported more than one"
 +			 " passthrough device at %d:%d:%d!!\n",
 +			 func_name, path_id, target_id, target_lun);
  		goto btl_bailout;
  	}
  
  	if (ccb.cdm.num_matches == 0) {
 -		sprintf(cam_errbuf, "%s: no passthrough device found at"
 -			" %d:%d:%d", func_name, path_id, target_id,
 -			target_lun);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: no passthrough device found at"
 +			 " %d:%d:%d", func_name, path_id, target_id,
 +			 target_lun);
  		goto btl_bailout;
  	}
  
 @@ -372,8 +378,9 @@ cam_open_btl(path_id_t path_id, target_i
  		break; /* NOTREACHED */
  	}
  	default:
 -		sprintf(cam_errbuf, "%s: asked for a peripheral match, but"
 -			" got a bus or device match", func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: asked for a peripheral match, but"
 +			 " got a bus or device match", func_name);
  		goto btl_bailout;
  		break; /* NOTREACHED */
  	}
 @@ -446,7 +453,7 @@ cam_lookup_pass(const char *dev_name, in
  				 "your kernel\n%s: or %s%d doesn't exist",
  				 func_name, func_name, dev_name, unit);
  		}
 -		snprintf(cam_errbuf, sizeof(cam_errbuf),
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
  			 "%s: CAMGETPASSTHRU ioctl failed\n"
  			 "%s: %s%s", func_name, func_name, strerror(errno),
  			 (errno == ENOENT) ? tmpstr : "");
 @@ -464,8 +471,9 @@ cam_lookup_pass(const char *dev_name, in
  	 * the device the user gave us.
  	 */
  	if (ccb.cgdl.status == CAM_GDEVLIST_ERROR) {
 -		sprintf(cam_errbuf, "%s: device %s%d does not exist!",
 -			func_name, dev_name, unit);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: device %s%d does not exist!",
 +			 func_name, dev_name, unit);
  		return(NULL);
  	}
  
 @@ -495,9 +503,10 @@ cam_real_open_device(const char *path, i
  	if (device == NULL) {
  		if ((device = (struct cam_device *)malloc(
  		     sizeof(struct cam_device))) == NULL) {
 -			sprintf(cam_errbuf, "%s: device structure malloc"
 -				" failed\n%s: %s", func_name, func_name,
 -				strerror(errno));
 +			snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +				 "%s: device structure malloc"
 +				 " failed\n%s: %s", func_name, func_name,
 +				 strerror(errno));
  			return(NULL);
  		}
  		device->fd = -1;
 @@ -553,8 +562,9 @@ cam_real_open_device(const char *path, i
  		 * because we just opened it above.  The only way this
  		 * ioctl can fail is if the ccb size is wrong.
  		 */
 -		sprintf(cam_errbuf, "%s: CAMGETPASSTHRU ioctl failed\n"
 -			"%s: %s", func_name, func_name, strerror(errno));
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: CAMGETPASSTHRU ioctl failed\n"
 +			 "%s: %s", func_name, func_name, strerror(errno));
  		goto crod_bailout;
  	}
  
 @@ -565,8 +575,8 @@ cam_real_open_device(const char *path, i
  	 * the device the user gave us.
  	 */
  	if (ccb.cgdl.status == CAM_GDEVLIST_ERROR) {
 -		sprintf(cam_errbuf, "%s: passthrough device does not exist!",
 -			func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: passthrough device does not exist!", func_name);
  		goto crod_bailout;
  	}
  
 @@ -579,8 +589,9 @@ cam_real_open_device(const char *path, i
  
  	ccb.ccb_h.func_code = XPT_PATH_INQ;
  	if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) {
 -		sprintf(cam_errbuf, "%s: Path Inquiry CCB failed\n"
 -			"%s: %s", func_name, func_name, strerror(errno));
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: Path Inquiry CCB failed\n"
 +			 "%s: %s", func_name, func_name, strerror(errno));
  		goto crod_bailout;
  	}
  	strlcpy(device->sim_name, ccb.cpi.dev_name, sizeof(device->sim_name));
 @@ -593,8 +604,9 @@ cam_real_open_device(const char *path, i
  	 */
  	ccb.ccb_h.func_code = XPT_GDEV_TYPE;
  	if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) {
 -		sprintf(cam_errbuf, "%s: Get Device Type CCB failed\n"
 -			"%s: %s", func_name, func_name, strerror(errno));
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: Get Device Type CCB failed\n"
 +			 "%s: %s", func_name, func_name, strerror(errno));
  		goto crod_bailout;
  	}
  	device->pd_type = SID_TYPE(&ccb.cgd.inq_data);
 @@ -616,8 +628,9 @@ cam_real_open_device(const char *path, i
  	ccb.cts.type = CTS_TYPE_CURRENT_SETTINGS;
  
  	if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) {
 -		sprintf(cam_errbuf, "%s: Get Transfer Settings CCB failed\n"
 -			"%s: %s", func_name, func_name, strerror(errno));
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: Get Transfer Settings CCB failed\n"
 +			 "%s: %s", func_name, func_name, strerror(errno));
  		goto crod_bailout;
  	}
  	if (ccb.cts.protocol == XPORT_SPI) {
 @@ -696,7 +709,8 @@ cam_device_dup(struct cam_device *device
  	struct cam_device *newdev;
  
  	if (device == NULL) {
 -		sprintf(cam_errbuf, "%s: device is NULL", func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: device is NULL", func_name);
  		return(NULL);
  	}
  
 @@ -721,14 +735,14 @@ cam_device_copy(struct cam_device *src, 
  	char *func_name = "cam_device_copy";
  
  	if (src == NULL) {
 -		sprintf(cam_errbuf, "%s: source device struct was NULL",
 -			func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: source device struct was NULL", func_name);
  		return;
  	}
  
  	if (dst == NULL) {
 -		sprintf(cam_errbuf, "%s: destination device struct was NULL",
 -			func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: destination device struct was NULL", func_name);
  		return;
  	}
  
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: jh 
State-Changed-When: Sat Mar 3 09:31:12 UTC 2012 
State-Changed-Why:  
All changes has been committed. Thanks for the patch! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=57088 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/57088: commit references a PR
Date: Sun,  1 Apr 2012 08:41:13 +0000 (UTC)

 Author: jh
 Date: Sun Apr  1 08:40:52 2012
 New Revision: 233755
 URL: http://svn.freebsd.org/changeset/base/233755
 
 Log:
   MFC r232450:
   
   Use snprintf(3) constantly when generating CAM error messages.
   
   PR:		bin/57088
 
 Modified:
   stable/9/lib/libcam/camlib.c
 Directory Properties:
   stable/9/lib/libcam/   (props changed)
 
 Modified: stable/9/lib/libcam/camlib.c
 ==============================================================================
 --- stable/9/lib/libcam/camlib.c	Sun Apr  1 08:14:50 2012	(r233754)
 +++ stable/9/lib/libcam/camlib.c	Sun Apr  1 08:40:52 2012	(r233755)
 @@ -121,7 +121,8 @@ cam_get_device(const char *path, char *d
  
  
  	if (path == NULL) {
 -		sprintf(cam_errbuf, "%s: device pathname was NULL", func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: device pathname was NULL", func_name);
  		return(-1);
  	}
  
 @@ -143,7 +144,8 @@ cam_get_device(const char *path, char *d
  	}
  
  	if (*tmpstr == '\0') {
 -		sprintf(cam_errbuf, "%s: no text after slash", func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: no text after slash", func_name);
  		free(newpath);
  		return(-1);
  	}
 @@ -170,9 +172,9 @@ cam_get_device(const char *path, char *d
  	 * If we only have 1, we don't have a valid device name.
  	 */
  	if (strlen(tmpstr) < 2) {
 -		sprintf(cam_errbuf,
 -			"%s: must have both device name and unit number",
 -			func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: must have both device name and unit number",
 +			 func_name);
  		free(newpath);
  		return(-1);
  	}
 @@ -182,9 +184,9 @@ cam_get_device(const char *path, char *d
  	 * has probably given us all numbers.  Point out the error.
  	 */
  	if (isdigit(*tmpstr)) {
 -		sprintf(cam_errbuf,
 -			"%s: device name cannot begin with a number",
 -			func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: device name cannot begin with a number",
 +			 func_name);
  		free(newpath);
  		return(-1);
  	}
 @@ -195,8 +197,8 @@ cam_get_device(const char *path, char *d
  	 * or he gave us a device name/number format we don't recognize.
  	 */
  	if (!isdigit(tmpstr[strlen(tmpstr) - 1])) {
 -		sprintf(cam_errbuf, "%s: unable to find device unit number",
 -			func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: unable to find device unit number", func_name);
  		free(newpath);
  		return(-1);
  	}
 @@ -324,8 +326,9 @@ cam_open_btl(path_id_t path_id, target_i
  			   PERIPH_MATCH_LUN | PERIPH_MATCH_NAME;
  
  	if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) {
 -		sprintf(cam_errbuf, "%s: CAMIOCOMMAND ioctl failed\n"
 -			"%s: %s", func_name, func_name, strerror(errno));
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: CAMIOCOMMAND ioctl failed\n"
 +			 "%s: %s", func_name, func_name, strerror(errno));
  		goto btl_bailout;
  	}
  
 @@ -335,23 +338,26 @@ cam_open_btl(path_id_t path_id, target_i
  	if ((ccb.ccb_h.status != CAM_REQ_CMP)
  	 || ((ccb.cdm.status != CAM_DEV_MATCH_LAST)
  	   && (ccb.cdm.status != CAM_DEV_MATCH_MORE))) {
 -		sprintf(cam_errbuf, "%s: CAM error %#x, CDM error %d "
 -			"returned from XPT_DEV_MATCH ccb", func_name,
 -			ccb.ccb_h.status, ccb.cdm.status);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: CAM error %#x, CDM error %d "
 +			 "returned from XPT_DEV_MATCH ccb", func_name,
 +			 ccb.ccb_h.status, ccb.cdm.status);
  		goto btl_bailout;
  	}
  
  	if (ccb.cdm.status == CAM_DEV_MATCH_MORE) {
 -		sprintf(cam_errbuf, "%s: CDM reported more than one"
 -			" passthrough device at %d:%d:%d!!\n",
 -			func_name, path_id, target_id, target_lun);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: CDM reported more than one"
 +			 " passthrough device at %d:%d:%d!!\n",
 +			 func_name, path_id, target_id, target_lun);
  		goto btl_bailout;
  	}
  
  	if (ccb.cdm.num_matches == 0) {
 -		sprintf(cam_errbuf, "%s: no passthrough device found at"
 -			" %d:%d:%d", func_name, path_id, target_id,
 -			target_lun);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: no passthrough device found at"
 +			 " %d:%d:%d", func_name, path_id, target_id,
 +			 target_lun);
  		goto btl_bailout;
  	}
  
 @@ -372,8 +378,9 @@ cam_open_btl(path_id_t path_id, target_i
  		break; /* NOTREACHED */
  	}
  	default:
 -		sprintf(cam_errbuf, "%s: asked for a peripheral match, but"
 -			" got a bus or device match", func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: asked for a peripheral match, but"
 +			 " got a bus or device match", func_name);
  		goto btl_bailout;
  		break; /* NOTREACHED */
  	}
 @@ -446,7 +453,7 @@ cam_lookup_pass(const char *dev_name, in
  				 "your kernel\n%s: or %s%d doesn't exist",
  				 func_name, func_name, dev_name, unit);
  		}
 -		snprintf(cam_errbuf, sizeof(cam_errbuf),
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
  			 "%s: CAMGETPASSTHRU ioctl failed\n"
  			 "%s: %s%s", func_name, func_name, strerror(errno),
  			 (errno == ENOENT) ? tmpstr : "");
 @@ -464,8 +471,9 @@ cam_lookup_pass(const char *dev_name, in
  	 * the device the user gave us.
  	 */
  	if (ccb.cgdl.status == CAM_GDEVLIST_ERROR) {
 -		sprintf(cam_errbuf, "%s: device %s%d does not exist!",
 -			func_name, dev_name, unit);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: device %s%d does not exist!",
 +			 func_name, dev_name, unit);
  		return(NULL);
  	}
  
 @@ -495,9 +503,10 @@ cam_real_open_device(const char *path, i
  	if (device == NULL) {
  		if ((device = (struct cam_device *)malloc(
  		     sizeof(struct cam_device))) == NULL) {
 -			sprintf(cam_errbuf, "%s: device structure malloc"
 -				" failed\n%s: %s", func_name, func_name,
 -				strerror(errno));
 +			snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +				 "%s: device structure malloc"
 +				 " failed\n%s: %s", func_name, func_name,
 +				 strerror(errno));
  			return(NULL);
  		}
  		device->fd = -1;
 @@ -553,8 +562,9 @@ cam_real_open_device(const char *path, i
  		 * because we just opened it above.  The only way this
  		 * ioctl can fail is if the ccb size is wrong.
  		 */
 -		sprintf(cam_errbuf, "%s: CAMGETPASSTHRU ioctl failed\n"
 -			"%s: %s", func_name, func_name, strerror(errno));
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: CAMGETPASSTHRU ioctl failed\n"
 +			 "%s: %s", func_name, func_name, strerror(errno));
  		goto crod_bailout;
  	}
  
 @@ -565,8 +575,8 @@ cam_real_open_device(const char *path, i
  	 * the device the user gave us.
  	 */
  	if (ccb.cgdl.status == CAM_GDEVLIST_ERROR) {
 -		sprintf(cam_errbuf, "%s: passthrough device does not exist!",
 -			func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: passthrough device does not exist!", func_name);
  		goto crod_bailout;
  	}
  
 @@ -579,8 +589,9 @@ cam_real_open_device(const char *path, i
  
  	ccb.ccb_h.func_code = XPT_PATH_INQ;
  	if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) {
 -		sprintf(cam_errbuf, "%s: Path Inquiry CCB failed\n"
 -			"%s: %s", func_name, func_name, strerror(errno));
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: Path Inquiry CCB failed\n"
 +			 "%s: %s", func_name, func_name, strerror(errno));
  		goto crod_bailout;
  	}
  	strlcpy(device->sim_name, ccb.cpi.dev_name, sizeof(device->sim_name));
 @@ -593,8 +604,9 @@ cam_real_open_device(const char *path, i
  	 */
  	ccb.ccb_h.func_code = XPT_GDEV_TYPE;
  	if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) {
 -		sprintf(cam_errbuf, "%s: Get Device Type CCB failed\n"
 -			"%s: %s", func_name, func_name, strerror(errno));
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: Get Device Type CCB failed\n"
 +			 "%s: %s", func_name, func_name, strerror(errno));
  		goto crod_bailout;
  	}
  	device->pd_type = SID_TYPE(&ccb.cgd.inq_data);
 @@ -616,8 +628,9 @@ cam_real_open_device(const char *path, i
  	ccb.cts.type = CTS_TYPE_CURRENT_SETTINGS;
  
  	if (ioctl(fd, CAMIOCOMMAND, &ccb) == -1) {
 -		sprintf(cam_errbuf, "%s: Get Transfer Settings CCB failed\n"
 -			"%s: %s", func_name, func_name, strerror(errno));
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: Get Transfer Settings CCB failed\n"
 +			 "%s: %s", func_name, func_name, strerror(errno));
  		goto crod_bailout;
  	}
  	if (ccb.cts.protocol == XPORT_SPI) {
 @@ -696,7 +709,8 @@ cam_device_dup(struct cam_device *device
  	struct cam_device *newdev;
  
  	if (device == NULL) {
 -		sprintf(cam_errbuf, "%s: device is NULL", func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: device is NULL", func_name);
  		return(NULL);
  	}
  
 @@ -721,14 +735,14 @@ cam_device_copy(struct cam_device *src, 
  	char *func_name = "cam_device_copy";
  
  	if (src == NULL) {
 -		sprintf(cam_errbuf, "%s: source device struct was NULL",
 -			func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: source device struct was NULL", func_name);
  		return;
  	}
  
  	if (dst == NULL) {
 -		sprintf(cam_errbuf, "%s: destination device struct was NULL",
 -			func_name);
 +		snprintf(cam_errbuf, CAM_ERRBUF_SIZE,
 +			 "%s: destination device struct was NULL", func_name);
  		return;
  	}
  
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
