Module Name: src Committed By: kamil Date: Wed May 6 07:25:26 UTC 2020
Modified Files: src/lib/librumpuser: rumpuser_sp.c Log Message: Avoid buffer overflow Disable the offending code. OK by kre@ To generate a diff of this commit: cvs rdiff -u -r1.75 -r1.76 src/lib/librumpuser/rumpuser_sp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/lib/librumpuser/rumpuser_sp.c
diff -u src/lib/librumpuser/rumpuser_sp.c:1.75 src/lib/librumpuser/rumpuser_sp.c:1.76
--- src/lib/librumpuser/rumpuser_sp.c:1.75 Tue Mar 24 14:56:31 2020
+++ src/lib/librumpuser/rumpuser_sp.c Wed May 6 07:25:26 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: rumpuser_sp.c,v 1.75 2020/03/24 14:56:31 kre Exp $ */
+/* $NetBSD: rumpuser_sp.c,v 1.76 2020/05/06 07:25:26 kamil Exp $ */
 /*
 * Copyright (c) 2010, 2011 Antti Kantee. All Rights Reserved.
@@ -37,7 +37,7 @@
 #include "rumpuser_port.h"
 #if !defined(lint)
-__RCSID("$NetBSD: rumpuser_sp.c,v 1.75 2020/03/24 14:56:31 kre Exp $");
+__RCSID("$NetBSD: rumpuser_sp.c,v 1.76 2020/05/06 07:25:26 kamil Exp $");
 #endif /* !lint */
 #include <sys/types.h>
@@ -715,9 +715,13 @@ serv_handleexec(struct spclient *spc, st
 * very much). proceed with exec.
 */
+#if 0 /* XXX triggers buffer overflow */
 /* ensure comm is 0-terminated */
 /* TODO: make sure it contains sensible chars? */
 comm[commlen] = '\0';
+#else
+ (void)commlen;
+#endif
 lwproc_switch(spc->spc_mainlwp);
 lwproc_execnotify(comm);
@@ -979,9 +983,13 @@ handlereq(struct spclient *spc)
 char *comm = (char *)spc->spc_buf;
 size_t commlen = spc->spc_hdr.rsp_len - HDRSZ;
+#if 0 /* XXX triggers buffer overflow */
 /* ensure it's 0-terminated */
 /* XXX make sure it contains sensible chars? */
 comm[commlen] = '\0';
+#else
+ (void)commlen;
+#endif
 /* make sure we fork off of proc1 */
 _DIAGASSERT(lwproc_curlwp() == NULL);
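Review bot: With the terminator write compiled out, `comm` is handed to `lwproc_execnotify(comm)` in serv_handleexec with nothing guaranteeing a NUL inside the `commlen` bytes received from the client, so the out-of-bounds write is likely traded for an out-of-bounds read wherever the name is later treated as a C string. Rather than discarding the length with `(void)commlen;`, validate the payload and reject the request when it is not terminated, e.g. `if (commlen == 0 || memchr(comm, '\0', commlen) == NULL)` followed by the function's existing error path, which is not visible in the hunk. The same applies to the handlereq hunk, where `commlen = spc->spc_hdr.rsp_len - HDRSZ` is an unsigned subtraction that wraps unless `rsp_len >= HDRSZ` is enforced before this point. Both function bodies start and end outside their hunks and the allocation size of `spc_buf` is not shown, so the root cause (a buffer with no room for the terminator) is inferred from the commit message rather than confirmed here.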