diff options
| author | cinap_lenrek <cinap_lenrek@gmx.de> | 2012-10-01 02:52:05 +0200 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@gmx.de> | 2012-10-01 02:52:05 +0200 |
| commit | 9e7ecc41d56148866725e26c872909823d515963 (patch) | |
| tree | deade257be67db80e2f6f49323cc8dd56fcb370d /sys/src/9/port/devsdp.c | |
| parent | 347ac6ef58d82e714358935568abcffd3509cfe8 (diff) | |
devproc buffer overflow, strncpy
in devproc status read handler the p->status, p->text and p->user
could overflow the local statbuf buffer as they where copied into
it with code like: memmove(statbuf+someoff, p->text, strlen(p->text)).
now using readstr() which will truncate if the string is too long.
make strncpy() usage consistent, make sure results are always null
terminated.
Diffstat (limited to 'sys/src/9/port/devsdp.c')
| -rw-r--r-- | sys/src/9/port/devsdp.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/src/9/port/devsdp.c b/sys/src/9/port/devsdp.c index 5ed0472a1..a205be87a 100644 --- a/sys/src/9/port/devsdp.c +++ b/sys/src/9/port/devsdp.c @@ -811,7 +811,8 @@ sdpclone(Sdp *sdp) c->ref = 2; c->state = CInit; c->in.window = ~0; - strncpy(c->owner, up->user, sizeof(c->owner)); + strncpy(c->owner, up->user, sizeof(c->owner)-1); + c->owner[sizeof(c->owner)-1] = 0; c->perm = 0660; qunlock(c); |