author | cinap_lenrek <cinap_lenrek@gmx.de> | 2012-10-11 17:29:16 +0200 |
---|---|---|
committer | cinap_lenrek <cinap_lenrek@gmx.de> | 2012-10-11 17:29:16 +0200 |
commit | 16d61d3c974b1d287db8d548cc13078341019730 (patch) | |
tree | 95bab330a7bee0b37bcf5d1495a76258969a2655 /sys/src/9/port/qio.c | |
parent | d9394b0d87169ef7aa7796344af421c757bc3749 (diff) |
kernel: try to catch some (rare) mistakes
kstrcpy() did not null terminate for < 4 byte buffers. fixed,
but i don't think there is any case where this can happen in
practice.
always set malloctag in kstrdup(), cleanup.
always use ERRMAX bounded kstrcpy() to set up->errstr, q->err
and note[]->msg. paranoia.
instead of silently truncating interface name in netifinit(),
panic the kernel if interface name is too long as this case
is clearly a mistake.
panic kernel when filename is too long for addbootfile() in
devroot. this might happen if your kernel configuration is
messed up.
Diffstat (limited to 'sys/src/9/port/qio.c')
-rw-r--r-- | sys/src/9/port/qio.c | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/sys/src/9/port/qio.c b/sys/src/9/port/qio.c
index a721debf8..a70fa8a31 100644
--- a/sys/src/9/port/qio.c
+++ b/sys/src/9/port/qio.c
@@ -1391,7 +1391,7 @@ qclose(Queue *q)
 ilock(q);
 q->state |= Qclosed;
 q->state &= ~(Qflow|Qstarve);
- strcpy(q->err, Ehungup);
+ kstrcpy(q->err, Ehungup, ERRMAX);
 bfirst = q->bfirst;
 q->bfirst = 0;
 q->len = 0;
@@ -1417,12 +1417,9 @@ qhangup(Queue *q, char *msg)
 /* mark it */
 ilock(q);
 q->state |= Qclosed;
- if(msg == 0 || *msg == 0)
- strcpy(q->err, Ehungup);
- else {
- strncpy(q->err, msg, ERRMAX-1);
- q->err[ERRMAX-1] = 0;
- }
+ if(msg == 0 || *msg == '\0')
+ msg = Ehungup;
+ kstrcpy(q->err, msg, ERRMAX);
 iunlock(q);
 /* wake up readers/writers */ |
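Review bot: The bound passed to kstrcpy() in qclose() is the constant `ERRMAX` rather than the size of the destination, so the call stays correct only while `q->err` is declared with exactly that length; the same holds for the new `kstrcpy(q->err, msg, ERRMAX);` in qhangup(). If `err` is an array member of Queue (its declaration is outside this diff, so confirm), `kstrcpy(q->err, Ehungup, sizeof q->err);` ties the limit to the buffer and survives a later resize. qclose()'s body starts and ends outside the hunk.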
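Review bot: qhangup() no longer shows what happens to a caller-supplied msg that does not fit in q->err, since the removed strncpy lines were the only place that made the ERRMAX-1 cut-off visible. A one-line comment above the copy would keep that contract readable: `/* nil or empty msg means Ehungup; longer messages are cut to fit ERRMAX */`. This assumes kstrcpy() truncates and terminates as the commit description says; its definition is not in this diff. The function continues past the end of the hunk.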