Source-Changes-HG archive
[src/trunk]: src/sys/kern Restrict the size given to copyoutstr. It is safer ...
details: https://anonhg.NetBSD.org/src/rev/8c0c7d2b66e0
branches: trunk
changeset: 962167:8c0c7d2b66e0
user: maxv <maxv%NetBSD.org@localhost>
date: Mon Jul 01 17:15:43 2019 +0000
description:
Restrict the size given to copyoutstr. It is safer to do that; even if
there is no actual bug here, since the buffer is guaranteed to be NUL
terminated.
With KASAN we check the whole buffer to cover the "worst" case, and here
it triggered false positives because the buffer size was not filtered.
diffstat:
sys/kern/sys_lwp.c | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diffs (37 lines):
diff -r 3afa49c9931d -r 8c0c7d2b66e0 sys/kern/sys_lwp.c
--- a/sys/kern/sys_lwp.c Mon Jul 01 07:57:01 2019 +0000
+++ b/sys/kern/sys_lwp.c Mon Jul 01 17:15:43 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: sys_lwp.c,v 1.67 2019/05/03 22:34:21 kamil Exp $ */
+/* $NetBSD: sys_lwp.c,v 1.68 2019/07/01 17:15:43 maxv Exp $ */
/*-
* Copyright (c) 2001, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_lwp.c,v 1.67 2019/05/03 22:34:21 kamil Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_lwp.c,v 1.68 2019/07/01 17:15:43 maxv Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -839,6 +839,7 @@
} */
char name[MAXCOMLEN];
lwpid_t target;
+ size_t len;
proc_t *p;
lwp_t *t;
@@ -859,7 +860,9 @@
lwp_unlock(t);
mutex_exit(p->p_lock);
- return copyoutstr(name, SCARG(uap, name), SCARG(uap, len), NULL);
+ len = uimin(SCARG(uap, len), sizeof(name));
+
+ return copyoutstr(name, SCARG(uap, name), len, NULL);
}
int
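Review bot: In the new line `len = uimin(SCARG(uap, len), sizeof(name));` the result is stored in a size_t, but uimin() compares unsigned int values, so if the user-supplied length is wider than unsigned int, it is truncated before the comparison (a length whose low 32 bits are zero would be clamped to 0 rather than to sizeof(name)). The copy stays bounded by sizeof(name) either way, so this is not a memory-safety problem, but a size_t-wide minimum would avoid the silent truncation. A short comment above the clamp saying it exists to bound the range KASAN checks, not to fix an overflow, would also help later readers of this function.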