aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMark Johnston <markj@FreeBSD.org>2021-03-28 15:08:36 +0000
committerMark Johnston <markj@FreeBSD.org>2021-03-28 15:08:36 +0000
commit3428b6c050d102ba7f95514b29f4f5685d76b645 (patch)
tree410bcecaebc37e5c1de220bdc0589391e0a27c53
parent1c1ff7979571bf07c05a48e857b7b285b037410f (diff)
downloadsrc-3428b6c050d102ba7f95514b29f4f5685d76b645.tar.gz
src-3428b6c050d102ba7f95514b29f4f5685d76b645.zip
Fix several dev_clone callbacks to avoid out-of-bounds reads
Use strncmp() instead of bcmp(), so that we don't have to find the minimum of the string lengths before comparing. Reviewed by: kib Reported by: KASAN MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29463
-rw-r--r--sys/dev/sound/pcm/dsp.c3
-rw-r--r--sys/kern/kern_conf.c2
2 files changed, 2 insertions, 3 deletions
diff --git a/sys/dev/sound/pcm/dsp.c b/sys/dev/sound/pcm/dsp.c
index 0593a585b0fd..cce05f4ecf37 100644
--- a/sys/dev/sound/pcm/dsp.c
+++ b/sys/dev/sound/pcm/dsp.c
@@ -2294,8 +2294,7 @@ dsp_stdclone(char *name, char *namep, char *sep, int use_sep, int *u, int *c)
size_t len;
len = strlen(namep);
-
- if (bcmp(name, namep, len) != 0)
+ if (strncmp(name, namep, len) != 0)
return (ENODEV);
name += len;
diff --git a/sys/kern/kern_conf.c b/sys/kern/kern_conf.c
index 29103f83c049..3a07c95e74d0 100644
--- a/sys/kern/kern_conf.c
+++ b/sys/kern/kern_conf.c
@@ -1255,7 +1255,7 @@ dev_stdclone(char *name, char **namep, const char *stem, int *unit)
int u, i;
i = strlen(stem);
- if (bcmp(stem, name, i) != 0)
+ if (strncmp(stem, name, i) != 0)
return (0);
if (!isdigit(name[i]))
return (0);