Date: Tue, 26 Jan 2016 18:10:38 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206648] Fix double strlen in ktrstruct
Message-ID: <bug-206648-8-LxXNl5R4rc@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-206648-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-206648-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206648

--- Comment #3 from Mateusz Guzik <mjg@FreeBSD.org> ---
Maybe it should be noted that even with all callers behaving as they should, there indeed could be a problem here. If there was a bug elsewhere in the kernel allowing someone to modify the passed string they could indeed try to trick the kernel into overflowing the buffer by moving the null terminator before strcpy is called.

However, I consider trying to fight these kinds of problems in this way to be a non-starter.

That said, the code is somewhat weaker than it could be, but changing this place while there are zillions of other places with similar kinds of issues is not the way to go. Same thing applies to kernels from other projects.

--
You are receiving this mail because:
You are the assignee for the bug.
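
The measure-then-strcpy pattern discussed in the comment above, as an added userland example that is not part of the original message and is not FreeBSD's ktrstruct code. All function names are hypothetical, and the mutator hook is an assumption standing in for the "bug elsewhere" that changes the string between the two scans.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical hook: stands in for "a bug elsewhere" rewriting the string
 * between the length measurement and the copy. */
typedef void (*mutator_fn)(char *name);

/* Two-pass pattern. Returns the byte count strcpy() would write into a buffer
 * sized from the first strlen(); the copy itself is deliberately not done. */
size_t two_pass_need(char *name, mutator_fn mutate, size_t *allocated)
{
    *allocated = strlen(name) + 1;      /* pass 1: size the buffer */
    if (mutate != NULL)
        mutate(name);                   /* string changes in between */
    return strlen(name) + 1;            /* pass 2: what strcpy would scan */
}

/* Single-pass pattern: measure once, copy exactly that many bytes and write
 * the terminator explicitly. The caller frees the returned buffer. */
char *single_pass_pack(char *name, const void *data, size_t datalen,
    mutator_fn mutate, size_t *buflen)
{
    size_t namelen = strlen(name);
    char *buf;

    *buflen = namelen + 1 + datalen;
    buf = malloc(*buflen);
    if (buf == NULL)
        return NULL;
    if (mutate != NULL)
        mutate(name);                   /* same interference as above */
    memcpy(buf, name, namelen);         /* bounded by the measured length */
    buf[namelen] = '\0';
    if (datalen != 0)
        memcpy(buf + namelen + 1, data, datalen);
    return buf;
}

/* Constructed sample mutator: overwrites the terminator at offset 4 of a
 * backing array laid out as "stat\0XXXXXXX\0". */
void move_terminator(char *name)
{
    name[4] = 'X';
}
```

With the constructed input, the two-pass variant sizes the buffer at 5 bytes while the second scan covers 13; the single-pass variant stays within the length it measured.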