Bug 238661

Summary: mpt: print req->index rather than the pointer itself in mpt.c
Product: Base System
Reporter: Fuqian <huangfq.daxian>
Component: kern
Assignee: freebsd-scsi (Nobody) <scsi>
Status: New ---
Severity: Affects Some People
Keywords: patch
Priority: ---
Version: CURRENT
Hardware: Any
OS: Any
Attachments:
Description: The patch file
Flags: none

Description Fuqian 2019-06-17 11:31:27 UTC
Created attachment 205179
The patch file

Print req->index instead of printing the pointer itself to
avoid kernel pointer leakage.

Signed-off-by: Fuqian Huang <huangfq.daxian@gmail.com>
---
 sys/dev/mpt/mpt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/dev/mpt/mpt.c b/sys/dev/mpt/mpt.c
index 6e41ff079e9..6ea00fc8bb1 100644
--- a/sys/dev/mpt/mpt.c
+++ b/sys/dev/mpt/mpt.c
@@ -488,8 +488,8 @@ mpt_default_reply_handler(struct mpt_softc *mpt, request_t *req,
 {
 
 	mpt_prt(mpt,
-	    "Default Handler Called: req=%p:%u reply_descriptor=%x frame=%p\n",
-	    req, req->serno, reply_desc, reply_frame);
+	    "Default Handler Called: req=%u:%u reply_descriptor=%x frame=%p\n",
+	    req->index, req->serno, reply_desc, reply_frame);
 
 	if (reply_frame != NULL)
 		mpt_dump_reply_frame(mpt, reply_frame);
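Review bot: The format string in mpt_default_reply_handler() still ends with frame=%p and still passes reply_frame, so this message keeps printing a pointer value after the change, and the stated goal of avoiding kernel pointer leakage is met only for req. Consider dropping the frame value from the message or replacing it with a present/absent indication, since the lines right below already call mpt_dump_reply_frame() when reply_frame is not NULL. Please also confirm that %u matches the declared type of req->index, which is not visible in this hunk, and mention in the commit message why frame is left as is if that is intentional.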
Comment 1 Andriy Gapon freebsd_committer freebsd_triage 2019-06-18 08:17:42 UTC
(In reply to Fuqian from comment #0)
I have noticed that you have opened a lot of bug reports of a similar kind.

Could you please explain what real problem you see?
In your opinion, how can such a "disclosure" be exploited?

Perhaps it was worthwhile discussing your thoughts on some mailing lists before starting to create reports prolifically.