diff options
| author | Mark Johnston <markj@FreeBSD.org> | 2021-03-28 15:08:36 +0000 |
|---|---|---|
| committer | Mark Johnston <markj@FreeBSD.org> | 2021-03-31 13:15:58 +0000 |
| commit | 381ba4357c7452d9a5ee38832f0adf47b2428a48 (patch) | |
| tree | 1095da4f0c60d1a276d01cec843db777a70c3655 | |
| parent | e99aa5c2cf6b0eadcc29c62243d51de0eb36937c (diff) | |
| download | src-381ba4357c7452d9a5ee38832f0adf47b2428a48.tar.gz src-381ba4357c7452d9a5ee38832f0adf47b2428a48.zip | |
Fix several dev_clone callbacks to avoid out-of-bounds reads
Use strncmp() instead of bcmp(), so that we don't have to find the
minimum of the string lengths before comparing.
Reviewed by: kib
Reported by: KASAN
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29463
(cherry picked from commit 3428b6c050d102ba7f95514b29f4f5685d76b645)
| -rw-r--r-- | sys/dev/sound/pcm/dsp.c | 3 | ||||
| -rw-r--r-- | sys/kern/kern_conf.c | 2 |
2 files changed, 2 insertions, 3 deletions
diff --git a/sys/dev/sound/pcm/dsp.c b/sys/dev/sound/pcm/dsp.c index 0593a585b0fd..cce05f4ecf37 100644 --- a/sys/dev/sound/pcm/dsp.c +++ b/sys/dev/sound/pcm/dsp.c @@ -2294,8 +2294,7 @@ dsp_stdclone(char *name, char *namep, char *sep, int use_sep, int *u, int *c) size_t len; len = strlen(namep); - - if (bcmp(name, namep, len) != 0) + if (strncmp(name, namep, len) != 0) return (ENODEV); name += len; diff --git a/sys/kern/kern_conf.c b/sys/kern/kern_conf.c index 29103f83c049..3a07c95e74d0 100644 --- a/sys/kern/kern_conf.c +++ b/sys/kern/kern_conf.c @@ -1255,7 +1255,7 @@ dev_stdclone(char *name, char **namep, const char *stem, int *unit) int u, i; i = strlen(stem); - if (bcmp(stem, name, i) != 0) + if (strncmp(stem, name, i) != 0) return (0); if (!isdigit(name[i])) return (0); |