FreeBSD Bugzilla – Attachment 204976 Details for
Bug 238486
Possible buffer overflow bug in sc_allocate_keyboard() of sys/dev/syscons/syscons.c
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed patch
0001-syscons-fix-potential-buffer-overflow.patch (text/plain), 922 bytes, created by
Young
on 2019-06-11 07:48:37 UTC
(
hide
)
Description:
Proposed patch
Filename:
MIME Type:
Creator:
Young
Created:
2019-06-11 07:48:37 UTC
Size:
922 bytes
patch
obsolete
>From 00c27f542c096ad09c41dac95551346a2208e7f0 Mon Sep 17 00:00:00 2001 >From: Young Xiao <92siuyang@gmail.com> >Date: Tue, 11 Jun 2019 15:37:37 +0800 >Subject: [PATCH] syscons: fix potential buffer overflow > >Use strncpy() to copy into a fixed-size buffer instead of >using strcpy. > >Signed-off-by: Young Xiao <92siuyang@gmail.com> >--- > sys/dev/syscons/syscons.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/sys/dev/syscons/syscons.c b/sys/dev/syscons/syscons.c >index 278c3c8..2ba832e 100644 >--- a/sys/dev/syscons/syscons.c >+++ b/sys/dev/syscons/syscons.c >@@ -4262,7 +4262,8 @@ sc_allocate_keyboard(sc_softc_t *sc, int unit) > continue; > > bzero(&ki, sizeof(ki)); >- strcpy(ki.kb_name, k->kb_name); >+ strncpy(ki.kb_name, k->kb_name, sizeof(ki.kb_name)); >+ ki.kb_name[sizeof(ki.kb_name) - 1] = '\0'; > ki.kb_unit = k->kb_unit; > > (void)kbdd_ioctl(k0, KBADDKBD, (caddr_t) &ki); >-- >2.7.4 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 238486
: 204976