From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 206648] Fix double strlen in ktrstruct
Date: Tue, 26 Jan 2016 18:10:38 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206648

--- Comment #3 from Mateusz Guzik ---
Maybe it should be noted that even with all callers behaving as they should, there indeed could be a problem here. If there was a bug elsewhere in the kernel allowing someone to modify the passed string they could indeed try to trick the kernel into overflowing the buffer by moving the null terminator before strcpy is called.

However, I consider trying to fight these kinds of problems in this way to be a non-starter.

That said, the code is somewhat weaker than it could be, but changing this place while there are zillions of other places with similar kinds of issues is not the way to go. Same thing applies to kernels from other projects.
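
The window described in the comment above, as an added user-space illustration that is not part of the original message or the FreeBSD source: a buffer sized by one `strlen` and filled by `strcpy` depends on two scans agreeing, while a copy bounded by a single measured length does not. All names (`shared_name`, `move_terminator`, `weak_excess`, `copy_once`) are hypothetical, and the concurrent writer is simulated by a hook called between the two steps.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed input: 8 bytes of storage, terminator initially at index 3. */
static char shared_name[8];
void reset_name(void) { memcpy(shared_name, "abc\0" "xyz", 8); }

/* Stands in for a concurrent writer that runs between measuring and copying. */
typedef void (*race_hook)(char *src);
void move_terminator(char *src) { src[3] = 'w'; }  /* "abc" becomes "abcwxyz" */

/* Weak pattern: one scan sizes the buffer, strcpy scans again while copying.
 * Returns how many bytes strcpy would write past the allocation. The copy is
 * not performed, so the demonstration stays well-defined. */
size_t weak_excess(char *src, race_hook hook)
{
    size_t alloc = strlen(src) + 1;      /* first scan: allocation size */
    if (hook != NULL)
        hook(src);                       /* terminator moves here */
    size_t written = strlen(src) + 1;    /* second scan: what strcpy writes */
    return written > alloc ? written - alloc : 0;
}

/* Single measurement: the length is read once and bounds the copy. */
char *copy_once(char *src, race_hook hook, size_t *lenp)
{
    size_t len = strlen(src);
    char *buf = malloc(len + 1);
    if (buf == NULL)
        return NULL;
    if (hook != NULL)
        hook(src);                       /* same race window as above */
    memcpy(buf, src, len);               /* never reads a second length */
    buf[len] = '\0';                     /* terminate explicitly */
    *lenp = len;
    return buf;
}

int main(void)
{
    size_t len = 0;
    reset_name();
    printf("weak pattern overrun: %zu bytes\n", weak_excess(shared_name, move_terminator));
    reset_name();
    char *copy = copy_once(shared_name, move_terminator, &len);
    if (copy != NULL)
        printf("single-measure copy: \"%s\" (%zu bytes)\n", copy, len);
    free(copy);
    return 0;
}
```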