From fe9825745fcfd8a9662704e611007570a1ca1387 Mon Sep 17 00:00:00 2001 From: asomers Date: Tue, 9 Jun 2015 19:41:16 +0000 Subject: MFC r283115 Properly null-terminate strings in a kernel dump header. A version string longer than 192 bytes will cause the version field of a dump header to overflow. strncpy doesn't null terminate it, so savecore will print a corrupted info file. Using strlcpy fixes the bug. --- sys/kern/kern_shutdown.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sys/kern/kern_shutdown.c b/sys/kern/kern_shutdown.c index be91a2d..f3b3c30 100644 --- a/sys/kern/kern_shutdown.c +++ b/sys/kern/kern_shutdown.c @@ -882,16 +882,16 @@ mkdumpheader(struct kerneldumpheader *kdh, char *magic, uint32_t archver, { bzero(kdh, sizeof(*kdh)); - strncpy(kdh->magic, magic, sizeof(kdh->magic)); - strncpy(kdh->architecture, MACHINE_ARCH, sizeof(kdh->architecture)); + strlcpy(kdh->magic, magic, sizeof(kdh->magic)); + strlcpy(kdh->architecture, MACHINE_ARCH, sizeof(kdh->architecture)); kdh->version = htod32(KERNELDUMPVERSION); kdh->architectureversion = htod32(archver); kdh->dumplength = htod64(dumplen); kdh->dumptime = htod64(time_second); kdh->blocksize = htod32(blksz); - strncpy(kdh->hostname, prison0.pr_hostname, sizeof(kdh->hostname)); - strncpy(kdh->versionstring, version, sizeof(kdh->versionstring)); + strlcpy(kdh->hostname, prison0.pr_hostname, sizeof(kdh->hostname)); + strlcpy(kdh->versionstring, version, sizeof(kdh->versionstring)); if (panicstr != NULL) - strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring)); + strlcpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring)); kdh->parity = kerneldump_parity(kdh); } -- cgit v1.1