Date: Fri, 3 Sep 2021 13:45:41 -0400
From: Ryan Stone <rysto32@gmail.com>
To: jo@bruelltuete.com
Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject: Re: String functions considered unsafe in kernel
Message-ID: <CAFMmRNwr9utWvNjQnmRv4UhePsg2NJ2uVVrMTbtzCLhFb2Em=g@mail.gmail.com>
In-Reply-To: <2b59c3ae-8330-facd-def9-c0640c56cf3a@bruelltuete.com>
References: <2b59c3ae-8330-facd-def9-c0640c56cf3a@bruelltuete.com>

It's straight-up a bug to do *anything* directly on a user-provided string. You must use copyinstr to copy it into a kernel buffer first, which guarantees null termination. In legacy cases where a user-provided buffer could be legitimately not null-terminated, such as in a struct sockaddr_un, developers must take care to null-terminate the string themselves after copyin.
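
The two cases in the message above, as an added userland example in C (not part of the original e-mail and not FreeBSD source). `model_copyinstr`, `fetch_sun_path` and the demo helpers are hypothetical names: the first models the termination guarantee of copyinstr(9), and `memcpy` stands in for copyin(9).

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define SUN_PATH_LEN 104	/* sizeof(sun_path) in FreeBSD's struct sockaddr_un */

/* Userland model of copyinstr(9): copies at most len bytes including the NUL
 * and fails with ENAMETOOLONG when no NUL is found within len bytes. */
static int model_copyinstr(const char *uaddr, char *kaddr, size_t len, size_t *done)
{
	size_t i;

	for (i = 0; i < len; i++)
		if ((kaddr[i] = uaddr[i]) == '\0')
			break;
	*done = (i < len) ? i + 1 : len;
	return (i < len) ? 0 : ENAMETOOLONG;
}

/* Legacy fixed-size field: every byte may be in use, so kbuf must hold
 * SUN_PATH_LEN + 1 bytes and is terminated here after the copy. */
static int fetch_sun_path(const char *ufield, size_t ulen, char *kbuf)
{
	if (ulen > SUN_PATH_LEN)
		return EINVAL;
	memcpy(kbuf, ufield, ulen);	/* copyin(9) in the kernel; may return EFAULT */
	kbuf[ulen] = '\0';
	return 0;
}

/* Constructed input: a field filled with 'A' and no terminator anywhere. */
size_t demo_full_field_strlen(void)
{
	char ufield[SUN_PATH_LEN], kbuf[SUN_PATH_LEN + 1];
	memset(ufield, 'A', sizeof(ufield));
	if (fetch_sun_path(ufield, sizeof(ufield), kbuf) != 0)
		return (size_t)-1;
	return strlen(kbuf);	/* bounded by the terminator written above */
}

/* Copy a string into an 8-byte buffer; returns the model's error code. */
int demo_copyinstr(const char *ustr)
{
	char kbuf[8];
	size_t done;
	return model_copyinstr(ustr, kbuf, sizeof(kbuf), &done);
}

int main(void) { return demo_full_field_strlen() == SUN_PATH_LEN ? 0 : 1; }
```

In the string case an over-long input is rejected with an error rather than truncated silently; in the fixed-field case the extra byte in the kernel buffer is what makes a later `strlen` safe.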