PERFORCE change 84219 for review
Robert Watson
rwatson at FreeBSD.org
Sat Sep 24 18:40:30 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=84219
Change 84219 by rwatson at rwatson_peppercorn on 2005/09/24 18:40:12
vn_fullpath() returns a buffer of max length MAXPATHLEN containing
a nul-terminated path string. However, the pointer to the path
may not be the head of the buffer, so attempting to bcopy the
buffer length may overrun the end of the buffer for reading,
resulting in a possible invalid memory access. Because of proper
nul termination, this did not result in leakage of kernel memory
to user space, but could result in a panic.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_klib.c#11 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/security/audit/kern_bsm_klib.c#11 (text+ko) ====
@@ -449,7 +449,7 @@
vn_lock(vnp, LK_EXCLUSIVE | LK_RETRY, td);
if (vn_fullpath(td, vnp, &retbuf, &freebuf) == 0) {
/* Copy and free buffer allocated by vn_fullpath() */
- bcopy(retbuf, cpath, MAXPATHLEN);
+ strlcpy(cpath, retbuf, MAXPATHLEN);
free(freebuf, M_TEMP);
}
else {
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list