Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 13 May 2016 08:42:21 +0000 (UTC)
From:      Garrett Cooper <ngie@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject:   svn commit: r299624 - stable/9/sys/dev/pty
Message-ID:  <201605130842.u4D8gLW7068191@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: ngie
Date: Fri May 13 08:42:21 2016
New Revision: 299624
URL: https://svnweb.freebsd.org/changeset/base/299624

Log:
  MFstable/10 r299623:
  
  MFC r298337:
  r298337 (by cem):
  
  pty(4): Use strlcpy to guarantee destination buffer isn't overrun
  
  The devtoname() name is strcpyed into a small stack buffer.  Sure, we always
  expect the name to be ttyXX (or ptyXX).  If that's the case, strlcpy() doesn't
  hurt.
  
  CID:		1006768

Modified:
  stable/9/sys/dev/pty/pty.c
Directory Properties:
  stable/9/   (props changed)
  stable/9/sys/   (props changed)
  stable/9/sys/dev/   (props changed)

Modified: stable/9/sys/dev/pty/pty.c
==============================================================================
--- stable/9/sys/dev/pty/pty.c	Fri May 13 08:41:09 2016	(r299623)
+++ stable/9/sys/dev/pty/pty.c	Fri May 13 08:42:21 2016	(r299624)
@@ -67,7 +67,7 @@ ptydev_fdopen(struct cdev *dev, int ffla
 		return (EBUSY);
 
 	/* Generate device name and create PTY. */
-	strcpy(name, devtoname(dev));
+	strlcpy(name, devtoname(dev), sizeof(name));
 	name[0] = 't';
 
 	error = pts_alloc_external(fflags & (FREAD|FWRITE), td, fp, dev, name);



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201605130842.u4D8gLW7068191>