d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Properly null-terminate strings in a kernel dump header. A version string

Browse Source 
longer than 192 bytes will cause the version field of a dump header to
overflow. strncpy doesn't null terminate it, so savecore will print a
corrupted info file. Using strlcpy fixes the bug.

Differential Revision:	https://reviews.freebsd.org/D2560
Reviewed by:		markj
MFC after:		3 weeks
Sponsored by:		Spectra Logic
This commit is contained in:
asomers 2015-05-19 16:23:47 +00:00
parent 4cba3170f9
commit 1a7b6ddd5d
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
sys/kern/kern_shutdown.c
View File

@ -873,16 +873,16 @@ mkdumpheader(struct kerneldumpheader *kdh, char *magic, uint32_t archver,
{
bzero(kdh, sizeof(*kdh));
strncpy(kdh->magic, magic, sizeof(kdh->magic));
strncpy(kdh->architecture, MACHINE_ARCH, sizeof(kdh->architecture));
strlcpy(kdh->magic, magic, sizeof(kdh->magic));
strlcpy(kdh->architecture, MACHINE_ARCH, sizeof(kdh->architecture));
kdh->version = htod32(KERNELDUMPVERSION);
kdh->architectureversion = htod32(archver);
kdh->dumplength = htod64(dumplen);
kdh->dumptime = htod64(time_second);
kdh->blocksize = htod32(blksz);
strncpy(kdh->hostname, prison0.pr_hostname, sizeof(kdh->hostname));
strncpy(kdh->versionstring, version, sizeof(kdh->versionstring));
strlcpy(kdh->hostname, prison0.pr_hostname, sizeof(kdh->hostname));
strlcpy(kdh->versionstring, version, sizeof(kdh->versionstring));
if (panicstr != NULL)
strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring));
strlcpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring));
kdh->parity = kerneldump_parity(kdh);
}