As reported by @thornley-touchstar, there are some issues in the showshortport and showport commands on the monitoring channel. After short dicussion with upstream, the following patches were merged upstream to fix the issue(s). Signed-off-by: Michael Heimpold <mhei@heimpold.de>lilik-openwrt-22.03
@ -0,0 +1,64 @@ | |||
From 8614cf0ad4a017184285e814a704322f59a28869 Mon Sep 17 00:00:00 2001 | |||
From: Michael Heimpold <mhei@heimpold.de> | |||
Date: Wed, 12 Apr 2017 23:36:17 +0200 | |||
Subject: [PATCH] dataxfer.c: fix possible buffer overruns caused by | |||
gai_strerror | |||
This fixes a possible buffer overrun that could occur due to | |||
gai_strerror() returning a string which is longer than the portbuff | |||
array, i.e. longer than 32 byte. | |||
Reported-by: David Thornley <david.thornley@touchstargroup.com> | |||
Signed-off-by: Michael Heimpold <mhei@heimpold.de> | |||
Signed-off-by: Corey Minyard <cminyard@mvista.com> | |||
diff --git a/dataxfer.c b/dataxfer.c | |||
index 3d1e713..988f4e4 100644 | |||
--- a/dataxfer.c | |||
+++ b/dataxfer.c | |||
@@ -3702,18 +3702,20 @@ showshortport(struct controller_info *cntlr, port_info_t *port) | |||
portbuff, sizeof(portbuff), | |||
NI_NUMERICHOST | NI_NUMERICSERV); | |||
if (err) { | |||
- strcpy(buffer, "*err*"); | |||
- sprintf(portbuff, "%s", gai_strerror(err)); | |||
+ snprintf(buffer, sizeof(buffer), "*err*,%s", gai_strerror(err)); | |||
+ count = controller_outputf(cntlr, "%s", buffer); | |||
+ } else { | |||
+ count = controller_outputf(cntlr, "%s,%s", buffer, portbuff); | |||
} | |||
- bytes_recv = netcon->bytes_received; | |||
- bytes_sent = netcon->bytes_sent; | |||
- count = controller_outputf(cntlr, "%s,%s", buffer, portbuff); | |||
while (count < 23) { | |||
controller_outs(cntlr, " "); | |||
count++; | |||
} | |||
+ bytes_recv = netcon->bytes_received; | |||
+ bytes_sent = netcon->bytes_sent; | |||
+ | |||
controller_outputf(cntlr, "%-22s ", port->io.devname); | |||
controller_outputf(cntlr, "%-14s ", state_str[port->net_to_dev_state]); | |||
controller_outputf(cntlr, "%-14s ", state_str[port->dev_to_net_state]); | |||
@@ -3758,11 +3760,12 @@ showport(struct controller_info *cntlr, port_info_t *port) | |||
portbuff, sizeof(portbuff), | |||
NI_NUMERICHOST | NI_NUMERICSERV); | |||
if (err) { | |||
- strcpy(buffer, "*err*"); | |||
- sprintf(portbuff, "%s", gai_strerror(err)); | |||
+ snprintf(buffer, sizeof(buffer), "*err*,%s", gai_strerror(err)); | |||
+ controller_outputf(cntlr, " connected to: %s\r\n", buffer); | |||
+ } else { | |||
+ controller_outputf(cntlr, " connected to: %s,%s\r\n", | |||
+ buffer, portbuff); | |||
} | |||
- controller_outputf(cntlr, " connected to: %s,%s\r\n", | |||
- buffer, portbuff); | |||
controller_outputf(cntlr, " bytes read from TCP: %d\r\n", | |||
netcon->bytes_received); | |||
controller_outputf(cntlr, " bytes written to TCP: %d\r\n", | |||
-- | |||
2.7.4 | |||
@ -0,0 +1,30 @@ | |||
From b303432f2dbd6a20afa99cb462aa0a1bb740b86d Mon Sep 17 00:00:00 2001 | |||
From: Michael Heimpold <mhei@heimpold.de> | |||
Date: Wed, 12 Apr 2017 23:43:18 +0200 | |||
Subject: [PATCH] dataxfer.c: truncate error message to fit the column width | |||
gai_strerror() could return a string which is longer than our current | |||
column width of "Remote address". To make the output nice again, | |||
truncate the error string in this case. | |||
Signed-off-by: Michael Heimpold <mhei@heimpold.de> | |||
Signed-off-by: Corey Minyard <cminyard@mvista.com> | |||
diff --git a/dataxfer.c b/dataxfer.c | |||
index 988f4e4..75c2777 100644 | |||
--- a/dataxfer.c | |||
+++ b/dataxfer.c | |||
@@ -3703,6 +3703,10 @@ showshortport(struct controller_info *cntlr, port_info_t *port) | |||
NI_NUMERICHOST | NI_NUMERICSERV); | |||
if (err) { | |||
snprintf(buffer, sizeof(buffer), "*err*,%s", gai_strerror(err)); | |||
+ /* gai_strerror could return an elongated string which could break | |||
+ our pretty formatted output below, so truncate the string nicely */ | |||
+ if (strlen(buffer) > 22) | |||
+ strcpy(&buffer[22 - 3], "..."); | |||
count = controller_outputf(cntlr, "%s", buffer); | |||
} else { | |||
count = controller_outputf(cntlr, "%s,%s", buffer, portbuff); | |||
-- | |||
2.7.4 | |||
@ -0,0 +1,59 @@ | |||
From 81f3991e232fd45b05ff52b5091393532e4305e5 Mon Sep 17 00:00:00 2001 | |||
From: Michael Heimpold <mhei@heimpold.de> | |||
Date: Thu, 13 Apr 2017 20:29:10 +0200 | |||
Subject: [PATCH] dataxfer.c: adjust "Remote address" column width | |||
In case we are connected to an IPv6 address the current column width | |||
is too small to take the complete address and port number so adjust it. | |||
Signed-off-by: Michael Heimpold <mhei@heimpold.de> | |||
Signed-off-by: Corey Minyard <cminyard@mvista.com> | |||
diff --git a/dataxfer.c b/dataxfer.c | |||
index 75c2777..9955403 100644 | |||
--- a/dataxfer.c | |||
+++ b/dataxfer.c | |||
@@ -3674,6 +3674,9 @@ clear_old_port_config(int curr_config) | |||
UNLOCK(ports_lock); | |||
} | |||
+#define REMOTEADDR_COLUMN_WIDTH \ | |||
+ (INET6_ADDRSTRLEN - 1 /* terminating NUL */ + 1 /* comma */ + 5 /* strlen("65535") */) | |||
+ | |||
/* Print information about a port to the control port given in cntlr. */ | |||
static void | |||
showshortport(struct controller_info *cntlr, port_info_t *port) | |||
@@ -3705,14 +3708,14 @@ showshortport(struct controller_info *cntlr, port_info_t *port) | |||
snprintf(buffer, sizeof(buffer), "*err*,%s", gai_strerror(err)); | |||
/* gai_strerror could return an elongated string which could break | |||
our pretty formatted output below, so truncate the string nicely */ | |||
- if (strlen(buffer) > 22) | |||
- strcpy(&buffer[22 - 3], "..."); | |||
+ if (strlen(buffer) > REMOTEADDR_COLUMN_WIDTH) | |||
+ strcpy(&buffer[REMOTEADDR_COLUMN_WIDTH - 3], "..."); | |||
count = controller_outputf(cntlr, "%s", buffer); | |||
} else { | |||
count = controller_outputf(cntlr, "%s,%s", buffer, portbuff); | |||
} | |||
- while (count < 23) { | |||
+ while (count < REMOTEADDR_COLUMN_WIDTH + 1) { | |||
controller_outs(cntlr, " "); | |||
count++; | |||
} | |||
@@ -3878,10 +3881,11 @@ showshortports(struct controller_info *cntlr, char *portspec) | |||
port_info_t *port; | |||
controller_outputf(cntlr, | |||
- "%-22s %-6s %7s %-22s %-22s %-14s %-14s %9s %9s %9s %9s %s\r\n", | |||
+ "%-22s %-6s %7s %-*s %-22s %-14s %-14s %9s %9s %9s %9s %s\r\n", | |||
"Port name", | |||
"Type", | |||
"Timeout", | |||
+ REMOTEADDR_COLUMN_WIDTH, | |||
"Remote address", | |||
"Device", | |||
"TCP to device", | |||
-- | |||
2.7.4 | |||
@ -0,0 +1,94 @@ | |||
From 1479d3acc7ffb77225ea294f83a8d3fbdadfece6 Mon Sep 17 00:00:00 2001 | |||
From: Michael Heimpold <mhei@heimpold.de> | |||
Date: Thu, 13 Apr 2017 20:37:35 +0200 | |||
Subject: [PATCH] dataxfer.c: in case port is not connected display this | |||
directly | |||
In this case we don't bother to call into getnameinfo but show | |||
directly "unconnected", this prevents showing an error message. | |||
Signed-off-by: Michael Heimpold <mhei@heimpold.de> | |||
Signed-off-by: Corey Minyard <cminyard@mvista.com> | |||
diff --git a/dataxfer.c b/dataxfer.c | |||
index 9955403..d6a59d9 100644 | |||
--- a/dataxfer.c | |||
+++ b/dataxfer.c | |||
@@ -3700,19 +3700,23 @@ showshortport(struct controller_info *cntlr, port_info_t *port) | |||
if (!netcon) | |||
netcon = &(port->netcons[0]); | |||
- err = getnameinfo(netcon->raddr, netcon->raddrlen, | |||
- buffer, sizeof(buffer), | |||
- portbuff, sizeof(portbuff), | |||
- NI_NUMERICHOST | NI_NUMERICSERV); | |||
- if (err) { | |||
- snprintf(buffer, sizeof(buffer), "*err*,%s", gai_strerror(err)); | |||
- /* gai_strerror could return an elongated string which could break | |||
- our pretty formatted output below, so truncate the string nicely */ | |||
- if (strlen(buffer) > REMOTEADDR_COLUMN_WIDTH) | |||
- strcpy(&buffer[REMOTEADDR_COLUMN_WIDTH - 3], "..."); | |||
- count = controller_outputf(cntlr, "%s", buffer); | |||
+ if (port->net_to_dev_state != PORT_UNCONNECTED) { | |||
+ err = getnameinfo(netcon->raddr, netcon->raddrlen, | |||
+ buffer, sizeof(buffer), | |||
+ portbuff, sizeof(portbuff), | |||
+ NI_NUMERICHOST | NI_NUMERICSERV); | |||
+ if (err) { | |||
+ snprintf(buffer, sizeof(buffer), "*err*,%s", gai_strerror(err)); | |||
+ /* gai_strerror could return an elongated string which could break | |||
+ our pretty formatted output below, so truncate the string nicely */ | |||
+ if (strlen(buffer) > REMOTEADDR_COLUMN_WIDTH) | |||
+ strcpy(&buffer[REMOTEADDR_COLUMN_WIDTH - 3], "..."); | |||
+ count = controller_outputf(cntlr, "%s", buffer); | |||
+ } else { | |||
+ count = controller_outputf(cntlr, "%s,%s", buffer, portbuff); | |||
+ } | |||
} else { | |||
- count = controller_outputf(cntlr, "%s,%s", buffer, portbuff); | |||
+ count = controller_outputf(cntlr, "unconnected"); | |||
} | |||
while (count < REMOTEADDR_COLUMN_WIDTH + 1) { | |||
@@ -3762,21 +3766,25 @@ showport(struct controller_info *cntlr, port_info_t *port) | |||
controller_outputf(cntlr, " timeout: %d\r\n", port->timeout); | |||
for_each_connection(port, netcon) { | |||
- err = getnameinfo(netcon->raddr, netcon->raddrlen, | |||
- buffer, sizeof(buffer), | |||
- portbuff, sizeof(portbuff), | |||
- NI_NUMERICHOST | NI_NUMERICSERV); | |||
- if (err) { | |||
- snprintf(buffer, sizeof(buffer), "*err*,%s", gai_strerror(err)); | |||
- controller_outputf(cntlr, " connected to: %s\r\n", buffer); | |||
+ if (port->net_to_dev_state != PORT_UNCONNECTED) { | |||
+ err = getnameinfo(netcon->raddr, netcon->raddrlen, | |||
+ buffer, sizeof(buffer), | |||
+ portbuff, sizeof(portbuff), | |||
+ NI_NUMERICHOST | NI_NUMERICSERV); | |||
+ if (err) { | |||
+ snprintf(buffer, sizeof(buffer), "*err*,%s", gai_strerror(err)); | |||
+ controller_outputf(cntlr, " connected to: %s\r\n", buffer); | |||
+ } else { | |||
+ controller_outputf(cntlr, " connected to: %s,%s\r\n", | |||
+ buffer, portbuff); | |||
+ } | |||
+ controller_outputf(cntlr, " bytes read from TCP: %d\r\n", | |||
+ netcon->bytes_received); | |||
+ controller_outputf(cntlr, " bytes written to TCP: %d\r\n", | |||
+ netcon->bytes_sent); | |||
} else { | |||
- controller_outputf(cntlr, " connected to: %s,%s\r\n", | |||
- buffer, portbuff); | |||
+ controller_outputf(cntlr, " unconnected\r\n"); | |||
} | |||
- controller_outputf(cntlr, " bytes read from TCP: %d\r\n", | |||
- netcon->bytes_received); | |||
- controller_outputf(cntlr, " bytes written to TCP: %d\r\n", | |||
- netcon->bytes_sent); | |||
} | |||
controller_outputf(cntlr, " device: %s\r\n", port->io.devname); | |||
-- | |||
2.7.4 | |||