Date: Thu, 5 May 2005 20:22:02 -0700
From: John-Mark Gurney <gurney_j@resnet.uoregon.edu>
To: Colin Percival <cperciva@FreeBSD.org>
Cc: cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/kern subr_bus.c subr_rman.c vfs_subr.c src/sys/net if_mib.c src/sys/netinet ip_divert.c raw_ip.c udp_usrreq.c
Message-ID: <20050506032202.GC2670@funkthat.com>
In-Reply-To: <200505060248.j462mL0k009905@repoman.freebsd.org>
References: <200505060248.j462mL0k009905@repoman.freebsd.org>

Colin Percival wrote this message on Fri, May 06, 2005 at 02:48 +0000:
> cperciva    2005-05-06 02:48:21 UTC
>
>   FreeBSD src repository
>
>   Modified files:
>     sys/kern             subr_bus.c subr_rman.c vfs_subr.c
>     sys/net              if_mib.c
>     sys/netinet          ip_divert.c raw_ip.c udp_usrreq.c
>   Log:
>   If we are going to
>   1. Copy a NULL-terminated string into a fixed-length buffer, and
>   2. copyout that buffer to userland,
>   we really ought to
>   0. Zero the entire buffer
>   first.
>
>   Security: FreeBSD-SA-05:08.kmem

/me notes this is a good reason to use strncpy instead of strlcpy.

--
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
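The pattern in the commit log and the strncpy remark in the reply, as an added userland C example (not code from the FreeBSD commit or from either author). `demo_strlcpy`, `leak_after_fill`, the 0xA5 stale-memory marker and the interface name `em0` are assumptions constructed for illustration; the buffer stands in for one that would be passed whole to copyout.

```c
#include <stdio.h>
#include <string.h>

#define BUFLEN 32      /* fixed-length buffer that is copied out whole */
#define STALE  0xA5    /* constructed marker for leftover memory contents */

enum fill_mode { STRLCPY_ONLY, ZERO_THEN_STRLCPY, STRNCPY_PAD };

/* Stand-in for strlcpy(3), which not every libc ships: it terminates the
 * copy but leaves every byte after the terminator untouched. */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size != 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Fill a buffer that starts out holding stale data, then count the stale
 * bytes a full-length copyout of that buffer would hand to userland. */
size_t leak_after_fill(enum fill_mode mode, const char *name)
{
    unsigned char buf[BUFLEN];
    size_t i = 0, leaked = 0;

    memset(buf, STALE, sizeof(buf));
    if (mode == ZERO_THEN_STRLCPY)
        memset(buf, 0, sizeof(buf));          /* step 0 from the commit log */
    if (mode == STRNCPY_PAD) {
        strncpy((char *)buf, name, sizeof(buf) - 1); /* pads the rest with NULs */
        buf[sizeof(buf) - 1] = '\0';          /* strncpy alone may not terminate */
    } else {
        demo_strlcpy((char *)buf, name, sizeof(buf));
    }
    while (i < sizeof(buf) && buf[i] != '\0')
        i++;                                  /* skip the string itself */
    for (; i < sizeof(buf); i++)
        leaked += (buf[i] == STALE);
    return leaked;
}

int main(void)
{
    printf("strlcpy only:      %zu stale bytes\n", leak_after_fill(STRLCPY_ONLY, "em0"));
    printf("zero then strlcpy: %zu stale bytes\n", leak_after_fill(ZERO_THEN_STRLCPY, "em0"));
    printf("strncpy padding:   %zu stale bytes\n", leak_after_fill(STRNCPY_PAD, "em0"));
    return 0;
}
```

strncpy pads only the destination array itself; padding bytes and unset fields of an enclosing structure are cleared only by zeroing the whole object before filling it.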