Re: String functions considered unsafe in kernel
- In reply to: Johannes Totz via freebsd-hackers : "String functions considered unsafe in kernel"
Date: Fri, 03 Sep 2021 17:45:41 UTC
It's straight-up a bug to do *anything* directly on a user-provided string. You must use copyinstr to copy it into a kernel buffer first, which guarantees null termination. In legacy cases where a user-provided buffer could be legitimately not null-terminated, such as in a struct sockaddr_un, developers must take care to null-terminate the string themselves after copyin.
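The two cases the message describes, as an added example that is not part of the original post or of FreeBSD's source: it is a userland sketch in which `sim_copyin`, `sim_copyinstr` and `fetch_sun_path` are hypothetical stand-ins, and the input buffers are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Userland stand-ins (assumed names) so the kernel pattern can run here. */
static int sim_copyin(const void *uaddr, void *kaddr, size_t len)
{
    memcpy(kaddr, uaddr, len);   /* the real copyin() can also fail with EFAULT */
    return 0;
}
/* Like copyinstr(): copy up to len bytes including the NUL, or fail. */
static int sim_copyinstr(const char *uaddr, char *kaddr, size_t len, size_t *done)
{
    size_t i;
    for (i = 0; i < len; i++) {
        kaddr[i] = uaddr[i];
        if (uaddr[i] == '\0') { *done = i + 1; return 0; }
    }
    *done = i;
    return ENAMETOOLONG;         /* no NUL within len: caller must reject */
}

/* Hypothetical helper: sun_path may fill its whole array with no NUL, so
 * terminate it ourselves. kpath must hold sizeof(sun_path) + 1 bytes. */
static int fetch_sun_path(const void *uaddr, size_t ulen, char *kpath)
{
    struct sockaddr_un sun;
    const size_t off = offsetof(struct sockaddr_un, sun_path);
    if (ulen < off || ulen > off + sizeof(sun.sun_path))
        return EINVAL;           /* bound the user-supplied length first */
    memset(&sun, 0, sizeof(sun));
    if (sim_copyin(uaddr, &sun, ulen) != 0) return EFAULT;
    memcpy(kpath, sun.sun_path, ulen - off);
    kpath[ulen - off] = '\0';    /* explicit termination after copyin */
    return 0;
}

int main(void)
{
    struct sockaddr_un u;        /* constructed input: sun_path has no NUL */
    char kpath[sizeof(u.sun_path) + 1], k[4];
    size_t n;
    memset(&u, 'A', sizeof(u));
    int rc = fetch_sun_path(&u, sizeof(u), kpath);
    printf("%d %zu %d\n", rc, strlen(kpath), sim_copyinstr("toolong", k, sizeof(k), &n));
}
```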