Properly null-terminate strings in a kernel dump header. A version string

longer than 192 bytes will cause the version field of a dump header to overflow. strncpy doesn't null terminate it, so savecore will print a corrupted info file. Using strlcpy fixes the bug. Differential Revision: https://reviews.freebsd.org/D2560 Reviewed by: markj MFC after: 3 weeks Sponsored by: Spectra Logic
svn path=/head/; revision=283115
2015-05-19 16:23:47 +00:00 · 2015-05-19 16:23:47 +00:00 · 7a9c38e681 · 2020-12-20 02:59:44 +00:00
commit 7a9c38e681
parent 6b0f878290
1 changed files with 5 additions and 5 deletions
--- a/sys/kern/kern_shutdown.c
+++ b/sys/kern/kern_shutdown.c
@ -873,16 +873,16 @@ mkdumpheader(struct kerneldumpheader *kdh, char *magic, uint32_t archver,
 {

 	bzero(kdh, sizeof(*kdh));
-	strncpy(kdh->magic, magic, sizeof(kdh->magic));
-	strncpy(kdh->architecture, MACHINE_ARCH, sizeof(kdh->architecture));
+	strlcpy(kdh->magic, magic, sizeof(kdh->magic));
+	strlcpy(kdh->architecture, MACHINE_ARCH, sizeof(kdh->architecture));
 	kdh->version = htod32(KERNELDUMPVERSION);
 	kdh->architectureversion = htod32(archver);
 	kdh->dumplength = htod64(dumplen);
 	kdh->dumptime = htod64(time_second);
 	kdh->blocksize = htod32(blksz);
-	strncpy(kdh->hostname, prison0.pr_hostname, sizeof(kdh->hostname));
-	strncpy(kdh->versionstring, version, sizeof(kdh->versionstring));
+	strlcpy(kdh->hostname, prison0.pr_hostname, sizeof(kdh->hostname));
+	strlcpy(kdh->versionstring, version, sizeof(kdh->versionstring));
 	if (panicstr != NULL)
-		strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring));
+		strlcpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring));
 	kdh->parity = kerneldump_parity(kdh);
 }