From owner-svn-src-head@FreeBSD.ORG  Fri Nov 28 14:53:18 2008
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 530121065673;
	Fri, 28 Nov 2008 14:53:18 +0000 (UTC) (envelope-from ed@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 461538FC14;
	Fri, 28 Nov 2008 14:53:18 +0000 (UTC) (envelope-from ed@FreeBSD.org)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id mASErIV0021768;
	Fri, 28 Nov 2008 14:53:18 GMT (envelope-from ed@svn.freebsd.org)
Received: (from ed@localhost)
	by svn.freebsd.org (8.14.3/8.14.3/Submit) id mASErIII021767;
	Fri, 28 Nov 2008 14:53:18 GMT (envelope-from ed@svn.freebsd.org)
Message-Id: <200811281453.mASErIII021767@svn.freebsd.org>
From: Ed Schouten <ed@FreeBSD.org>
Date: Fri, 28 Nov 2008 14:53:18 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r185385 - head/sys/kern
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
	<svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Nov 2008 14:53:18 -0000

Author: ed
Date: Fri Nov 28 14:53:18 2008
New Revision: 185385
URL: http://svn.freebsd.org/changeset/base/185385

Log:
  Fix matching of message queues by name.
  
  The mqfs_search() routine uses strncmp() to match message queue objects
  by name. This is because it can be called from environments where the
  file name is not null terminated (the VFS for example).
  
  Unfortunately it doesn't compare the lengths of the message queue names,
  which means if a system has "Queue12345", the name "Queue" will also
  match.
  
  I noticed this when a student of mine handed in an exercise using
  message queues with names "Queue2" and "Queue".
  
  Reviewed by:	rink

Modified:
  head/sys/kern/uipc_mqueue.c

Modified: head/sys/kern/uipc_mqueue.c
==============================================================================
--- head/sys/kern/uipc_mqueue.c	Fri Nov 28 14:49:26 2008	(r185384)
+++ head/sys/kern/uipc_mqueue.c	Fri Nov 28 14:53:18 2008	(r185385)
@@ -793,7 +793,8 @@ mqfs_search(struct mqfs_node *pd, const 
 
 	sx_assert(&pd->mn_info->mi_lock, SX_LOCKED);
 	LIST_FOREACH(pn, &pd->mn_children, mn_sibling) {
-		if (strncmp(pn->mn_name, name, len) == 0)
+		if (strncmp(pn->mn_name, name, len) == 0 &&
+		    pn->mn_name[len] == '\0')
 			return (pn);
 	}
 	return (NULL);