From a661f652ad42ad9b26c5a3ef8344be510bad0693 Mon Sep 17 00:00:00 2001 From: jhb Date: Fri, 23 Oct 2009 15:14:54 +0000 Subject: - Fix several off-by-one errors when using MAXCOMLEN. The p_comm[] and td_name[] arrays are actually MAXCOMLEN + 1 in size and a few places that created shadow copies of these arrays were just using MAXCOMLEN. - Prefer using sizeof() of an array type to explicit constants for the array length in a few places. - Ensure that all of p_comm[] and td_name[] is always zero'd during execve() to guard against any possible information leaks. Previously trailing garbage in p_comm[] could be leaked to userland in ktrace record headers via td_name[]. Reviewed by: bde --- sys/kern/subr_bus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sys/kern/subr_bus.c') diff --git a/sys/kern/subr_bus.c b/sys/kern/subr_bus.c index 0c97aa3..0e3ef80 100644 --- a/sys/kern/subr_bus.c +++ b/sys/kern/subr_bus.c @@ -3861,8 +3861,8 @@ int bus_describe_intr(device_t dev, struct resource *irq, void *cookie, const char *fmt, ...) { - char descr[MAXCOMLEN]; va_list ap; + char descr[MAXCOMLEN + 1]; if (dev->parent == NULL) return (EINVAL); -- cgit v1.1
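Review bot: The new declaration `char descr[MAXCOMLEN + 1];` in bus_describe_intr() still hard-codes the length of the arrays it shadows, and the hunk does not show the code that writes into descr, so it is not visible here whether that write is bounded by sizeof(descr) or by a separate MAXCOMLEN constant. If it is the constant, the added byte is never used and the truncation point stays where it was. Please confirm the formatting call is bounded by sizeof(descr), which would match the commit message's stated preference for sizeof() over explicit lengths. A one-line comment that descr is sized to match p_comm[]/td_name[] (MAXCOMLEN + 1, per the commit message) would help keep the shadow copy from drifting again. The declaration has also moved below `va_list ap;`, which the commit message does not mention; it is worth saying whether that reordering is intentional.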