From 436c46875d665f16b7b8e270fc21ab8a4dbffbbd Mon Sep 17 00:00:00 2001 From: Kyle Evans Date: Thu, 12 Sep 2019 13:51:43 +0000 Subject: [PATCH] kenv: assert that an empty static buffer passed in is "empty" Garbage in the passed-in buffer can cause problems if any attempts to read the kenv are inadvertently made between init_static_kenv and the first kern_setenv -- assuming there is one. This is cheap and easy, so do it. This also helps rule out some class of bugs as one tries to debug; tunables fetch from the static environment up until SI_SUB_KMEM + 1, and many of these buffers are global ~4k buffers that rely on BSS clearing while others just grab a page of free memory and use it (e.g. xen). --- sys/kern/kern_environment.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/kern/kern_environment.c b/sys/kern/kern_environment.c index af3449f2b0bd..f7be09b6eb72 100644 --- a/sys/kern/kern_environment.c +++ b/sys/kern/kern_environment.c @@ -250,6 +250,8 @@ init_static_kenv(char *buf, size_t len) char *eval; KASSERT(!dynamic_kenv, ("kenv: dynamic_kenv already initialized")); + KASSERT(len == 0 || *buf == '\0', + ("kenv: sized buffer must be initially empty")); /* * We may be called twice, with the second call needed to relocate
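Review bot: the new KASSERT in init_static_kenv introduces a caller-visible precondition (a sized buffer must arrive zeroed, at least in its first byte) that is not stated anywhere in the hunk; the function's header comment and the block comment that follows ("We may be called twice, with the second call needed to relocate ...") still describe only the relocation case. Since a KASSERT compiles out without INVARIANTS, callers that hand in a page of free memory rather than a BSS-cleared global (the xen case named in the commit message) get no protection in production kernels and must zero the buffer themselves, so the requirement should be written down where those callers will see it, e.g. a line above the assertion such as "/* A writable (len != 0) buffer must be zeroed by the caller before we see it. */". A smaller point on the same lines: the check dereferences *buf whenever len != 0, so a caller passing a NULL buffer with a non-zero len would fault inside the assertion rather than hit the "sized buffer must be initially empty" message; if NULL is not a legal input there, a separate `KASSERT(len == 0 || buf != NULL, ...)` in front of it would make the failure mode explicit.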