Site Navigation

Date:      Wed, 20 Apr 2016 04:50:33 +0000 (UTC)
From:      "Conrad E. Meyer" <cem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r298337 - head/sys/dev/pty
Message-ID:  <201604200450.u3K4oXIm089013@repo.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

Author: cem
Date: Wed Apr 20 04:50:33 2016
New Revision: 298337
URL: https://svnweb.freebsd.org/changeset/base/298337

Log:
  pty(4): Use strlcpy to guarantee destination buffer isn't overrun
  
  The devtoname() name is strcpyed into a small stack buffer.  Sure, we always
  expect the name to be ttyXX (or ptyXX).  If that's the case, strlcpy() doesn't
  hurt.
  
  Reported by:	Coverity
  CID:		1006768
  Sponsored by:	EMC / Isilon Storage Division

Modified:
  head/sys/dev/pty/pty.c

Modified: head/sys/dev/pty/pty.c
==============================================================================
--- head/sys/dev/pty/pty.c	Wed Apr 20 04:45:23 2016	(r298336)
+++ head/sys/dev/pty/pty.c	Wed Apr 20 04:50:33 2016	(r298337)
@@ -67,7 +67,7 @@ ptydev_fdopen(struct cdev *dev, int ffla
 		return (EBUSY);
 
 	/* Generate device name and create PTY. */
-	strcpy(name, devtoname(dev));
+	strlcpy(name, devtoname(dev), sizeof(name));
 	name[0] = 't';
 
 	error = pts_alloc_external(fflags & (FREAD|FWRITE), td, fp, dev, name);

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201604200450.u3K4oXIm089013>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact