MFC r324102 (by cem):

netsmb: Fix buggy/racy smb_strdupin() PR: 222687
author: markj <markj@FreeBSD.org> 2018-04-01 16:43:30 +0000
committer: markj <markj@FreeBSD.org> 2018-04-01 16:43:30 +0000
commit: a1c64456d5ecd840ad9ac697501f01503909dc4c (patch)
tree: 6230463ac793d939eab680608ba1715a2defbbd9 /sys/netsmb/smb_subr.c
parent: 99173bf883f7458d69defec08d49161954c5067c (diff)
download: FreeBSD-src-a1c64456d5ecd840ad9ac697501f01503909dc4c.zip
FreeBSD-src-a1c64456d5ecd840ad9ac697501f01503909dc4c.tar.gz
1 files changed, 3 insertions, 14 deletions
diff --git a/sys/netsmb/smb_subr.c b/sys/netsmb/smb_subr.c
index 2992f99..c4b9730 100644
--- a/sys/netsmb/smb_subr.c
+++ b/sys/netsmb/smb_subr.c
@@ -110,22 +110,11 @@ smb_strdup(const char *s)
 char *
 smb_strdupin(char *s, size_t maxlen)
 {
-	char *p, bt;
+	char *p;
 	int error;
-	size_t len;
 
-	len = 0;
-	for (p = s; ;p++) {
-		if (copyin(p, &bt, 1))
-			return NULL;
-		len++;
-		if (maxlen && len > maxlen)
-			return NULL;
-		if (bt == 0)
-			break;
-	}
-	p = malloc(len, M_SMBSTR, M_WAITOK);
-	error = copyin(s, p, len);
+	p = malloc(maxlen + 1, M_SMBSTR, M_WAITOK);
+	error = copyinstr(s, p, maxlen + 1, NULL);
 	if (error) {
 		free(p, M_SMBSTR);
 		return (NULL);
author	markj <markj@FreeBSD.org>	2018-04-01 16:43:30 +0000
committer	markj <markj@FreeBSD.org>	2018-04-01 16:43:30 +0000
commit	a1c64456d5ecd840ad9ac697501f01503909dc4c (patch)
tree	6230463ac793d939eab680608ba1715a2defbbd9 /sys/netsmb/smb_subr.c
parent	99173bf883f7458d69defec08d49161954c5067c (diff)
download	FreeBSD-src-a1c64456d5ecd840ad9ac697501f01503909dc4c.zip FreeBSD-src-a1c64456d5ecd840ad9ac697501f01503909dc4c.tar.gz