PERFORCE change 1202586 for review
John-Mark Gurney
jmg at FreeBSD.org
Fri Nov 7 00:29:30 UTC 2014
http://p4web.freebsd.org/@@1202586?ac=10
Change 1202586 by jmg at jmg_carbon2 on 2014/11/07 00:28:51
make sure that the passed in name is NUL terminated so we don't
strlen random kernel memory...
use strncpy here... Even though we aren't leaking kernel memory,
it's cleaner to NUL out the remaining buffer... for those that
ask, there is a security reason why strncpy exists...
Sponsored by: FreeBSD Foundation
Sponsored by: Netgate
Affected files ...
.. //depot/projects/opencrypto/sys/opencrypto/cryptodev.c#11 edit
Differences ...
==== //depot/projects/opencrypto/sys/opencrypto/cryptodev.c#11 (text+ko) ====
@@ -1151,14 +1151,16 @@
cryptodev_find(struct crypt_find_op *find)
{
device_t dev;
+ size_t fnlen = sizeof find->name;
if (find->crid != -1) {
dev = crypto_find_device_byhid(find->crid);
if (dev == NULL)
return (ENOENT);
- strlcpy(find->name, device_get_nameunit(dev),
- sizeof(find->name));
+ strncpy(find->name, device_get_nameunit(dev), fnlen);
+ find->name[fnlen - 1] = '\x0';
} else {
+ find->name[fnlen - 1] = '\x0';
find->crid = crypto_find_driver(find->name);
if (find->crid == -1)
return (ENOENT);
More information about the p4-projects
mailing list