strscpy: zero any trailing garbage bytes in the destination

It's possible that the destination can be shadowed in userspace (as, for example, the perf buffers are now). So we should take care not to leak data that could be inspected by userspace. Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com>
author: Chris Metcalf <cmetcalf@ezchip.com> 2015-10-06 12:37:41 -0400
committer: Chris Metcalf <cmetcalf@ezchip.com> 2015-10-06 14:53:18 -0400
commit: 990486c8af044f89bddfbde1d1cf9fde449bedbf (patch)
tree: 145c16309dfc5586b5120d7b7c7d585337e8d5d1 /lib/string.c
parent: c753bf34c94e5ac901e625e52f47320eeec4de2d (diff)
download: op-kernel-dev-990486c8af044f89bddfbde1d1cf9fde449bedbf.zip
op-kernel-dev-990486c8af044f89bddfbde1d1cf9fde449bedbf.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/string.c b/lib/string.c
index 8dbb7b1..84775ba 100644
--- a/lib/string.c
+++ b/lib/string.c
@@ -203,12 +203,13 @@ ssize_t strscpy(char *dest, const char *src, size_t count)
 		unsigned long c, data;
 
 		c = *(unsigned long *)(src+res);
-		*(unsigned long *)(dest+res) = c;
 		if (has_zero(c, &data, &constants)) {
 			data = prep_zero_mask(c, data, &constants);
 			data = create_zero_mask(data);
+			*(unsigned long *)(dest+res) = c & zero_bytemask(data);
 			return res + find_zero(data);
 		}
+		*(unsigned long *)(dest+res) = c;
 		res += sizeof(unsigned long);
 		count -= sizeof(unsigned long);
 		max -= sizeof(unsigned long);
author	Chris Metcalf <cmetcalf@ezchip.com>	2015-10-06 12:37:41 -0400
committer	Chris Metcalf <cmetcalf@ezchip.com>	2015-10-06 14:53:18 -0400
commit	990486c8af044f89bddfbde1d1cf9fde449bedbf (patch)
tree	145c16309dfc5586b5120d7b7c7d585337e8d5d1 /lib/string.c
parent	c753bf34c94e5ac901e625e52f47320eeec4de2d (diff)
download	op-kernel-dev-990486c8af044f89bddfbde1d1cf9fde449bedbf.zip op-kernel-dev-990486c8af044f89bddfbde1d1cf9fde449bedbf.tar.gz