summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormarkj <markj@FreeBSD.org>2018-04-01 16:43:30 +0000
committermarkj <markj@FreeBSD.org>2018-04-01 16:43:30 +0000
commita1c64456d5ecd840ad9ac697501f01503909dc4c (patch)
tree6230463ac793d939eab680608ba1715a2defbbd9
parent99173bf883f7458d69defec08d49161954c5067c (diff)
downloadFreeBSD-src-a1c64456d5ecd840ad9ac697501f01503909dc4c.zip
FreeBSD-src-a1c64456d5ecd840ad9ac697501f01503909dc4c.tar.gz
MFC r324102 (by cem):
netsmb: Fix buggy/racy smb_strdupin() PR: 222687
-rw-r--r--sys/netsmb/smb_subr.c17
1 files changed, 3 insertions, 14 deletions
diff --git a/sys/netsmb/smb_subr.c b/sys/netsmb/smb_subr.c
index 2992f99..c4b9730 100644
--- a/sys/netsmb/smb_subr.c
+++ b/sys/netsmb/smb_subr.c
@@ -110,22 +110,11 @@ smb_strdup(const char *s)
char *
smb_strdupin(char *s, size_t maxlen)
{
- char *p, bt;
+ char *p;
int error;
- size_t len;
- len = 0;
- for (p = s; ;p++) {
- if (copyin(p, &bt, 1))
- return NULL;
- len++;
- if (maxlen && len > maxlen)
- return NULL;
- if (bt == 0)
- break;
- }
- p = malloc(len, M_SMBSTR, M_WAITOK);
- error = copyin(s, p, len);
+ p = malloc(maxlen + 1, M_SMBSTR, M_WAITOK);
+ error = copyinstr(s, p, maxlen + 1, NULL);
if (error) {
free(p, M_SMBSTR);
return (NULL);
OpenPOWER on IntegriCloud