Date: Sat, 10 Jun 2017 14:14:22 -0400
From: Peter Grehan <grehan@freebsd.org>
To: cem@freebsd.org, Marcelo Araujo <araujo@freebsd.org>
Cc: src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r319487 - head/usr.sbin/bhyve
Message-ID: <c57edc3c-f0bf-236b-43e5-6432f18b0bd1@freebsd.org>
In-Reply-To: <CAG6CVpUrhJZbLftosxp1CH8p6WtLWkSWoown0BjgV7fMB5%2B4qg@mail.gmail.com>
References: <201706020235.v522ZGeC076100@repo.freebsd.org> <CAG6CVpUrhJZbLftosxp1CH8p6WtLWkSWoown0BjgV7fMB5%2B4qg@mail.gmail.com>

Hi Conrad,

> Here, keystr is not zero initialized....
> Note that strncpy below does not fill the remainder of the buffer with
> nuls if rc->password is shorter than 7 characters.
>
>> + * The client then sends the resulting 16-bytes response.
>> + */
>> +#ifndef NO_OPENSSL
>> + strncpy(keystr, rc->password, PASSWD_LENGTH);

strncpy() is specified to zero-fill if the source is shorter than the length. Are we missing something?

The other issues you brought up look valid.

later,

Peter.
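
Review bot: On the strncpy(keystr, rc->password, PASSWD_LENGTH) line, a password of PASSWD_LENGTH or more characters is silently truncated and leaves no terminating NUL in the bytes written, so anything that later treats keystr as a C string would read past them. A short comment above the call stating that keystr is a fixed-length key buffer consumed by length, and that longer passwords are truncated on purpose, would make the intent clear; if truncation is not intended, reject or warn about over-long passwords before the copy.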
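
The strncpy() padding behaviour cited in the reply above, as an added example that is not part of the original message or of the bhyve source. DEMO_KEY_LEN, POISON and all function names are assumptions made for the illustration; the poison fill stands in for an uninitialized buffer, and key_memcpy() shows the stale-tail outcome the review comment was concerned about.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_KEY_LEN 8    /* assumed key size for this example only */
#define POISON       0xAA /* stands in for uninitialized stack contents */

/* Pattern from the thread: strncpy() copies the password and, when it is
 * shorter than the length argument, writes NULs up to that length. */
static void key_strncpy(unsigned char key[DEMO_KEY_LEN], const char *password)
{
    memset(key, POISON, DEMO_KEY_LEN);
    strncpy((char *)key, password, DEMO_KEY_LEN);
}

/* Contrast: copying only strlen() bytes leaves the tail untouched, so the
 * derived key would depend on whatever was in the buffer before. */
static void key_memcpy(unsigned char key[DEMO_KEY_LEN], const char *password)
{
    size_t n = strlen(password);

    if (n > DEMO_KEY_LEN)
        n = DEMO_KEY_LEN;
    memset(key, POISON, DEMO_KEY_LEN);
    memcpy(key, password, n);
}

/* Number of bytes that still hold the poison value after the copy. */
static int stale_bytes(const unsigned char key[DEMO_KEY_LEN])
{
    int i, n = 0;

    for (i = 0; i < DEMO_KEY_LEN; i++)
        if (key[i] == POISON)
            n++;
    return n;
}

/* 1 if the buffer contains a NUL anywhere in its DEMO_KEY_LEN bytes. */
static int has_nul(const unsigned char key[DEMO_KEY_LEN])
{
    return memchr(key, 0, DEMO_KEY_LEN) != NULL;
}

int main(void)
{
    unsigned char k[DEMO_KEY_LEN];

    key_strncpy(k, "abc");          /* constructed sample password */
    printf("strncpy short: stale=%d\n", stale_bytes(k));
    key_memcpy(k, "abc");
    printf("memcpy  short: stale=%d\n", stale_bytes(k));
    key_strncpy(k, "longpassword"); /* longer than the buffer */
    printf("strncpy long:  has_nul=%d\n", has_nul(k));
    return 0;
}
```
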