diff options
author | jhb <jhb@FreeBSD.org> | 2009-10-23 15:14:54 +0000 |
---|---|---|
committer | jhb <jhb@FreeBSD.org> | 2009-10-23 15:14:54 +0000 |
commit | a661f652ad42ad9b26c5a3ef8344be510bad0693 (patch) | |
tree | 57fba792ef7976f2978ea62c352da98e018bc872 /sys/kern/subr_taskqueue.c | |
parent | 9414145b47d76b8115568171eea860c7f0b4988d (diff) | |
download | FreeBSD-src-a661f652ad42ad9b26c5a3ef8344be510bad0693.zip FreeBSD-src-a661f652ad42ad9b26c5a3ef8344be510bad0693.tar.gz |
- Fix several off-by-one errors when using MAXCOMLEN. The p_comm[] and
td_name[] arrays are actually MAXCOMLEN + 1 in size and a few places that
created shadow copies of these arrays were just using MAXCOMLEN.
- Prefer using sizeof() of an array type to explicit constants for the
array length in a few places.
- Ensure that all of p_comm[] and td_name[] is always zero'd during
execve() to guard against any possible information leaks. Previously
trailing garbage in p_comm[] could be leaked to userland in ktrace
record headers via td_name[].
Reviewed by: bde
Diffstat (limited to 'sys/kern/subr_taskqueue.c')
-rw-r--r-- | sys/kern/subr_taskqueue.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/kern/subr_taskqueue.c b/sys/kern/subr_taskqueue.c index 22c1809..8405b3d 100644 --- a/sys/kern/subr_taskqueue.c +++ b/sys/kern/subr_taskqueue.c @@ -301,7 +301,7 @@ taskqueue_start_threads(struct taskqueue **tqp, int count, int pri, struct thread *td; struct taskqueue *tq; int i, error; - char ktname[MAXCOMLEN]; + char ktname[MAXCOMLEN + 1]; if (count <= 0) return (EINVAL); @@ -309,7 +309,7 @@ taskqueue_start_threads(struct taskqueue **tqp, int count, int pri, tq = *tqp; va_start(ap, name); - vsnprintf(ktname, MAXCOMLEN, name, ap); + vsnprintf(ktname, sizeof(ktname), name, ap); va_end(ap); tq->tq_threads = malloc(sizeof(struct thread *) * count, M_TASKQUEUE, |