diff options
| author | cinap_lenrek <cinap_lenrek@gmx.de> | 2012-10-01 02:52:05 +0200 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@gmx.de> | 2012-10-01 02:52:05 +0200 |
| commit | 9e7ecc41d56148866725e26c872909823d515963 (patch) | |
| tree | deade257be67db80e2f6f49323cc8dd56fcb370d /sys/src/9/port/qio.c | |
| parent | 347ac6ef58d82e714358935568abcffd3509cfe8 (diff) | |
devproc buffer overflow, strncpy
in devproc status read handler the p->status, p->text and p->user
could overflow the local statbuf buffer as they where copied into
it with code like: memmove(statbuf+someoff, p->text, strlen(p->text)).
now using readstr() which will truncate if the string is too long.
make strncpy() usage consistent, make sure results are always null
terminated.
Diffstat (limited to 'sys/src/9/port/qio.c')
| -rw-r--r-- | sys/src/9/port/qio.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/src/9/port/qio.c b/sys/src/9/port/qio.c index df3c74dc7..a721debf8 100644 --- a/sys/src/9/port/qio.c +++ b/sys/src/9/port/qio.c @@ -1419,8 +1419,10 @@ qhangup(Queue *q, char *msg) q->state |= Qclosed; if(msg == 0 || *msg == 0) strcpy(q->err, Ehungup); - else + else { strncpy(q->err, msg, ERRMAX-1); + q->err[ERRMAX-1] = 0; + } iunlock(q); /* wake up readers/writers */ |