Fix two horrible bugs found during a routine audit session with Brett Lymn.

First one was incorrectly loading entries -- we were treating each file as a mount, which resulted in huge mess. I have no excuse for how I didn't catch this earlier. Second, use the table name we create for the Veriexec sysctl node and not the fixed "table0". Both are fileassoc(9) integration fallout.
2006-09-05 13:02:16 +00:00 · 2006-09-05 13:02:16 +00:00 · 95ed982c27
commit 95ed982c27
parent 90f5d4a3e0
2 changed files with 15 additions and 17 deletions
--- a/sbin/veriexecctl/veriexecctl_parse.y
+++ b/sbin/veriexecctl/veriexecctl_parse.y
@ -1,5 +1,5 @@
 %{
-/*	$NetBSD: veriexecctl_parse.y,v 1.15 2006/07/14 23:00:09 elad Exp $	*/
+/*	$NetBSD: veriexecctl_parse.y,v 1.16 2006/09/05 13:02:16 elad Exp $	*/

 /*-
 * Copyright 2005 Elad Efrat <elad@bsd.org.il>
@ -65,13 +65,13 @@ statement	:	/* empty */
 		|	statement path type fingerprint flags eol {
 	struct stat sb;
 	struct veriexec_up *p;
+	struct statvfs sf;

 	if (phase == 2) {
 		phase2_load();
 		goto phase_2_end;
 	}

-#if 1
 	if (stat(params.file, &sb) == -1) {
 		warnx("Line %lu: Can't stat `%s'",
 		    (unsigned long)line, params.file);
@ -84,23 +84,21 @@ statement	:	/* empty */
 		    (unsigned long)line, params.file);
 		goto phase_2_end;
 	}
-#endif

-	/* if ((p = dev_lookup(sb.st_dev)) != NULL) { */
-	if ((p = dev_lookup(params.file)) != NULL) {
+	if (statvfs(params.file, &sf) == -1)
+		err(1, "Cannot statvfs `%s'", params.file);
+
+	if ((p = dev_lookup(sf.f_mntonname)) != NULL) {
 	    (p->vu_param.hash_size)++;
 	    goto phase_2_end;
 	}

 	if (verbose) {
-		struct statvfs sf;
-		if (statvfs(params.file, &sf) == -1)
-			err(1, "Cannot statvfs `%s'", params.file);
-
-		(void)printf( " => Adding mount `%s'.\n",
-		    sf.f_mntonname);
+		(void)printf( " => Adding mount `%s'.\n", sf.f_mntonname);
 	}
-	dev_add(params.file);
+
+	dev_add(sf.f_mntonname);
+
 phase_2_end:
 	(void)memset(&params, 0, sizeof(params));
 }
--- a/sys/dev/verified_exec.c
+++ b/sys/dev/verified_exec.c
@ -1,4 +1,4 @@
-/*	$NetBSD: verified_exec.c,v 1.42 2006/09/03 21:38:23 christos Exp $	*/
+/*	$NetBSD: verified_exec.c,v 1.43 2006/09/05 13:02:16 elad Exp $	*/

 /*-
 * Copyright 2005 Elad Efrat <elad@NetBSD.org>
@ -31,9 +31,9 @@

 #include <sys/cdefs.h>
 #if defined(__NetBSD__)
-__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.42 2006/09/03 21:38:23 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: verified_exec.c,v 1.43 2006/09/05 13:02:16 elad Exp $");
 #else
-__RCSID("$Id: verified_exec.c,v 1.42 2006/09/03 21:38:23 christos Exp $\n$NetBSD: verified_exec.c,v 1.42 2006/09/03 21:38:23 christos Exp $");
+__RCSID("$Id: verified_exec.c,v 1.43 2006/09/05 13:02:16 elad Exp $\n$NetBSD: verified_exec.c,v 1.43 2006/09/05 13:02:16 elad Exp $");
 #endif

 #include <sys/param.h>
@ -239,9 +239,9 @@ veriexec_newtable(struct veriexec_sizing_params *params, struct lwp *l)
 		panic("Fileassoc: Inconsistency after adding table");
 #endif /* DIAGNOSTIC */

-	snprintf(buf, sizeof(buf), "table%ud", veriexec_tablecount++);
+	snprintf(buf, sizeof(buf), "table%u", veriexec_tablecount++);
 	sysctl_createv(NULL, 0, &veriexec_count_node, &vte->vte_node,
-		       0, CTLTYPE_NODE, "table0", NULL, NULL, 0, NULL,
+		       0, CTLTYPE_NODE, buf, NULL, NULL, 0, NULL,
 		       0, CTL_CREATE, CTL_EOL);

 	sysctl_createv(NULL, 0, &vte->vte_node, NULL,