Bug 238661 - mpt: print req->index rather than the pointer itself in mpt.c
Summary: mpt: print req->index rather than the pointer itself in mpt.c
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-scsi (Nobody)
Keywords: patch
Depends on:
Reported: 2019-06-17 11:31 UTC by Fuqian
Modified: 2019-07-04 10:42 UTC (History)
0 users

See Also:

The patch file (1.02 KB, patch)
2019-06-17 11:31 UTC, Fuqian
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Fuqian 2019-06-17 11:31:27 UTC
Created attachment 205179 [details]
The patch file

Print req->index instead of printing the pointer itself to
avoid kernel pointer leakage.

Signed-off-by: Fuqian Huang <huangfq.daxian@gmail.com>
 sys/dev/mpt/mpt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/dev/mpt/mpt.c b/sys/dev/mpt/mpt.c
index 6e41ff079e9..6ea00fc8bb1 100644
--- a/sys/dev/mpt/mpt.c
+++ b/sys/dev/mpt/mpt.c
@@ -488,8 +488,8 @@ mpt_default_reply_handler(struct mpt_softc *mpt, request_t *req,
-	    "Default Handler Called: req=%p:%u reply_descriptor=%x frame=%p\n",
-	    req, req->serno, reply_desc, reply_frame);
+	    "Default Handler Called: req=%u:%u reply_descriptor=%x frame=%p\n",
+	    req->index, req->serno, reply_desc, reply_frame);
 	if (reply_frame != NULL)
 		mpt_dump_reply_frame(mpt, reply_frame);
Comment 1 Andriy Gapon freebsd_committer 2019-06-18 08:17:42 UTC
(In reply to Fuqian from comment #0)
I have noticed that you have opened a lot of bug reports of a similar kind.

Could you please explain what real problem do you see?
In you opinion, how can such a "disclosure" be exploited?

Perhaps it was worthwhile discussing your thoughts on some mailing lists before starting to create reports prolifically.