From 16d61d3c974b1d287db8d548cc13078341019730 Mon Sep 17 00:00:00 2001
From: cinap_lenrek <cinap_lenrek@gmx.de>
Date: Thu, 11 Oct 2012 17:29:16 +0200
Subject: kernel: try to catch some (rare) mistakes

kstrcpy() did not null terminate for < 4 byte buffers. fixed,
but i dont think there is any case where this can happen in
practice.

always set malloctag in kstrdup(), cleanup.

always use ERRMAX bounded kstrcpy() to set up->errstr, q->err
and note[]->msg. paranoia.

instead of silently truncating interface name in netifinit(),
panic the kernel if interface name is too long as this case
is clearly a mistake.

panic kernel when filename is too long for addbootfile() in
devroot. this might happen if your kernel configuration is
messed up.
---
 sys/src/9/port/qio.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

(limited to 'sys/src/9/port/qio.c')

diff --git a/sys/src/9/port/qio.c b/sys/src/9/port/qio.c
index a721debf8..a70fa8a31 100644
--- a/sys/src/9/port/qio.c
+++ b/sys/src/9/port/qio.c
@@ -1391,7 +1391,7 @@ qclose(Queue *q)
 	ilock(q);
 	q->state |= Qclosed;
 	q->state &= ~(Qflow|Qstarve);
-	strcpy(q->err, Ehungup);
+	kstrcpy(q->err, Ehungup, ERRMAX);
 	bfirst = q->bfirst;
 	q->bfirst = 0;
 	q->len = 0;
@@ -1417,12 +1417,9 @@ qhangup(Queue *q, char *msg)
 	/* mark it */
 	ilock(q);
 	q->state |= Qclosed;
-	if(msg == 0 || *msg == 0)
-		strcpy(q->err, Ehungup);
-	else {
-		strncpy(q->err, msg, ERRMAX-1);
-		q->err[ERRMAX-1] = 0;
-	}
+	if(msg == 0 || *msg == '\0')
+		msg = Ehungup;
+	kstrcpy(q->err, msg, ERRMAX);
 	iunlock(q);
 
 	/* wake up readers/writers */
-- 
cgit v1.2.3