author | cinap_lenrek <cinap_lenrek@gmx.de> | 2012-10-01 02:52:05 +0200 |
---|---|---|
committer | cinap_lenrek <cinap_lenrek@gmx.de> | 2012-10-01 02:52:05 +0200 |
commit | 9e7ecc41d56148866725e26c872909823d515963 (patch) | |
tree | deade257be67db80e2f6f49323cc8dd56fcb370d /sys/src/9/pc/devarch.c | |
parent | 347ac6ef58d82e714358935568abcffd3509cfe8 (diff) |
devproc buffer overflow, strncpy
in devproc status read handler the p->status, p->text and p->user
could overflow the local statbuf buffer as they were copied into
it with code like: memmove(statbuf+someoff, p->text, strlen(p->text)).
now using readstr() which will truncate if the string is too long.
make strncpy() usage consistent, make sure results are always null
terminated.
Diffstat (limited to 'sys/src/9/pc/devarch.c')
-rw-r--r-- | sys/src/9/pc/devarch.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/src/9/pc/devarch.c b/sys/src/9/pc/devarch.c
index 47e4a754f..e877eab5f 100644
--- a/sys/src/9/pc/devarch.c
+++ b/sys/src/9/pc/devarch.c
@@ -188,7 +188,7 @@ ioreserve(int, int size, int align, char *tag)
  m->start = port;
  m->end = port + size;
  m->reserved = 1;
- strncpy(m->tag, tag, sizeof(m->tag));
+ strncpy(m->tag, tag, sizeof(m->tag)-1);
  m->tag[sizeof(m->tag)-1] = 0;
  *l = m;
@@ -259,7 +259,7 @@ ioalloc(int port, int size, int align, char *tag)
  m->next = *l;
  m->start = port;
  m->end = port + size;
- strncpy(m->tag, tag, sizeof(m->tag));
+ strncpy(m->tag, tag, sizeof(m->tag)-1);
  m->tag[sizeof(m->tag)-1] = 0;
  *l = m;
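Review bot: In both hunks (ioreserve and ioalloc) termination of `m->tag` still depends on the unchanged line `m->tag[sizeof(m->tag)-1] = 0;` staying directly after the `strncpy`. The new `sizeof(m->tag)-1` bound leaves the stored bytes the same as before, so a later edit that separates or drops the second line reintroduces an unterminated tag. A tag longer than the field is also cut silently, so two long tags with a common prefix would presumably be indistinguishable wherever the map is listed. I would record the intent at both sites with a comment such as `/* tag is truncated to sizeof(m->tag)-1 bytes and always NUL-terminated */`, or replace the pair with one bounded copy that terminates by itself, e.g. `kstrcpy(m->tag, tag, sizeof(m->tag));` if that kernel helper is usable in this file. Both function bodies start and end outside the hunks, so how `tag` is validated before this point is not visible here.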