From f313c57d47541a48ff1fb42315630e85797d3d5e Mon Sep 17 00:00:00 2001
From: phk <phk@FreeBSD.org>
Date: Tue, 4 Feb 2003 11:04:26 +0000
Subject: Implement proper bounds-checking and truncation of device names, this
 has become an issue now that end-user controlable attributes can become
 devices names with the geom_vol_ffs class.

---
 sys/kern/kern_conf.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/sys/kern/kern_conf.c b/sys/kern/kern_conf.c
index e405d11..302a8bb 100644
--- a/sys/kern/kern_conf.c
+++ b/sys/kern/kern_conf.c
@@ -270,8 +270,11 @@ make_dev(struct cdevsw *devsw, int minor, uid_t uid, gid_t gid, int perms, const
 		return (dev);
 	}
 	va_start(ap, fmt);
-	i = kvprintf(fmt, NULL, dev->si_name, 32, ap);
-	dev->si_name[i] = '\0';
+	i = vsnrprintf(dev->__si_namebuf, sizeof dev->__si_namebuf, 32, fmt, ap);
+	if (i > (sizeof dev->__si_namebuf - 1)) {
+		printf("WARNING: Device name truncated! (%s)", 
+		    dev->__si_namebuf);
+	}
 	va_end(ap);
 	dev->si_devsw = devsw;
 	dev->si_uid = uid;
@@ -318,8 +321,11 @@ make_dev_alias(dev_t pdev, const char *fmt, ...)
 	dev->si_flags |= SI_NAMED;
 	dev_depends(pdev, dev);
 	va_start(ap, fmt);
-	i = kvprintf(fmt, NULL, dev->si_name, 32, ap);
-	dev->si_name[i] = '\0';
+	i = vsnrprintf(dev->__si_namebuf, sizeof dev->__si_namebuf, 32, fmt, ap);
+	if (i > (sizeof dev->__si_namebuf - 1)) {
+		printf("WARNING: Device name truncated! (%s)", 
+		    dev->__si_namebuf);
+	}
 	va_end(ap);
 
 	if (devfs_create_hook)
-- 
cgit v1.1