Module Name: src
Committed By: kamil
Date: Tue Mar 24 01:56:56 UTC 2020
Modified Files:
src/lib/librumpuser: rumpuser_sp.c
Log Message:
Avoid buffer overflow
Detected with ASan + RUMPKERNEL.
To generate a diff of this commit:
cvs rdiff -u -r1.72 -r1.73 src/lib/librumpuser/rumpuser_sp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/librumpuser/rumpuser_sp.c
diff -u src/lib/librumpuser/rumpuser_sp.c:1.72 src/lib/librumpuser/rumpuser_sp.c:1.73
--- src/lib/librumpuser/rumpuser_sp.c:1.72 Tue Sep 6 07:45:41 2016
+++ src/lib/librumpuser/rumpuser_sp.c Tue Mar 24 01:56:56 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: rumpuser_sp.c,v 1.72 2016/09/06 07:45:41 martin Exp $ */
+/* $NetBSD: rumpuser_sp.c,v 1.73 2020/03/24 01:56:56 kamil Exp $ */
/*
* Copyright (c) 2010, 2011 Antti Kantee. All Rights Reserved.
@@ -37,7 +37,7 @@
#include "rumpuser_port.h"
#if !defined(lint)
-__RCSID("$NetBSD: rumpuser_sp.c,v 1.72 2016/09/06 07:45:41 martin Exp $");
+__RCSID("$NetBSD: rumpuser_sp.c,v 1.73 2020/03/24 01:56:56 kamil Exp $");
#endif /* !lint */
#include <sys/types.h>
@@ -717,7 +717,7 @@ serv_handleexec(struct spclient *spc, st
/* ensure comm is 0-terminated */
/* TODO: make sure it contains sensible chars? */
- comm[commlen] = '\0';
+ comm[commlen - 1] = '\0';
lwproc_switch(spc->spc_mainlwp);
lwproc_execnotify(comm);
@@ -981,7 +981,7 @@ handlereq(struct spclient *spc)
/* ensure it's 0-terminated */
/* XXX make sure it contains sensible chars? */
- comm[commlen] = '\0';
+ comm[commlen - 1] = '\0';
/* make sure we fork off of proc1 */
_DIAGASSERT(lwproc_curlwp() == NULL);
