Date: Thu, 05 May 2005 23:22:14 -0600 (MDT) From: "M. Warner Losh" <imp@bsdimp.com> To: gurney_j@resnet.uoregon.edu Cc: cperciva@freebsd.org Subject: Re: cvs commit: src/sys/kern subr_bus.c subr_rman.c vfs_subr.c src/sys/net if_mib.c src/sys/netinet ip_divert.c raw_ip.c udp_usrreq.c Message-ID: <20050505.232214.96921001.imp@bsdimp.com> In-Reply-To: <20050506032202.GC2670@funkthat.com> References: <200505060248.j462mL0k009905@repoman.freebsd.org> <20050506032202.GC2670@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message: <20050506032202.GC2670@funkthat.com>
John-Mark Gurney <gurney_j@resnet.uoregon.edu> writes:
: Colin Percival wrote this message on Fri, May 06, 2005 at 02:48 +0000:
: > cperciva 2005-05-06 02:48:21 UTC
: >
: > FreeBSD src repository
: >
: > Modified files:
: > sys/kern subr_bus.c subr_rman.c vfs_subr.c
: > sys/net if_mib.c
: > sys/netinet ip_divert.c raw_ip.c udp_usrreq.c
: > Log:
: > If we are going to
: > 1. Copy a NULL-terminated string into a fixed-length buffer, and
: > 2. copyout that buffer to userland,
: > we really ought to
: > 0. Zero the entire buffer
: > first.
: >
: > Security: FreeBSD-SA-05:08.kmem
:
: /me notes this is a good reason to use strncpy instead of strlcpy.
Don't you mean the opposite?
Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050505.232214.96921001.imp>