Date: Sun, 1 Apr 2018 16:43:30 +0000 (UTC) From: Mark Johnston <markj@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r331867 - stable/11/sys/netsmb Message-ID: <201804011643.w31GhU3h037512@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: markj Date: Sun Apr 1 16:43:30 2018 New Revision: 331867 URL: https://svnweb.freebsd.org/changeset/base/331867 Log: MFC r324102 (by cem): netsmb: Fix buggy/racy smb_strdupin() PR: 222687 Modified: stable/11/sys/netsmb/smb_subr.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netsmb/smb_subr.c ============================================================================== --- stable/11/sys/netsmb/smb_subr.c Sun Apr 1 16:42:13 2018 (r331866) +++ stable/11/sys/netsmb/smb_subr.c Sun Apr 1 16:43:30 2018 (r331867) @@ -110,22 +110,11 @@ smb_strdup(const char *s) char * smb_strdupin(char *s, size_t maxlen) { - char *p, bt; + char *p; int error; - size_t len; - len = 0; - for (p = s; ;p++) { - if (copyin(p, &bt, 1)) - return NULL; - len++; - if (maxlen && len > maxlen) - return NULL; - if (bt == 0) - break; - } - p = malloc(len, M_SMBSTR, M_WAITOK); - error = copyin(s, p, len); + p = malloc(maxlen + 1, M_SMBSTR, M_WAITOK); + error = copyinstr(s, p, maxlen + 1, NULL); if (error) { free(p, M_SMBSTR); return (NULL);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201804011643.w31GhU3h037512>