diff options
| author | Mark Johnston <markj@FreeBSD.org> | 2021-03-28 15:08:36 +0000 |
|---|---|---|
| committer | Mark Johnston <markj@FreeBSD.org> | 2021-03-31 13:16:51 +0000 |
| commit | f9fcb518e7289489d8fc577565f21f95a51a33cd (patch) | |
| tree | 2b09f9aa9fdf021e0ba39e6a97f264c58a98b4ab | |
| parent | f8d706fdd106f94ca048d809d504fef651d4a23e (diff) | |
| download | src-f9fcb518e7289489d8fc577565f21f95a51a33cd.tar.gz src-f9fcb518e7289489d8fc577565f21f95a51a33cd.zip | |
Fix several dev_clone callbacks to avoid out-of-bounds reads
Use strncmp() instead of bcmp(), so that we don't have to find the
minimum of the string lengths before comparing.
Reviewed by: kib
Reported by: KASAN
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29463
(cherry picked from commit 3428b6c050d102ba7f95514b29f4f5685d76b645)
| -rw-r--r-- | sys/dev/sound/pcm/dsp.c | 3 | ||||
| -rw-r--r-- | sys/kern/kern_conf.c | 2 |
2 files changed, 2 insertions, 3 deletions
diff --git a/sys/dev/sound/pcm/dsp.c b/sys/dev/sound/pcm/dsp.c index 100fe452d52b..7a3187807fa1 100644 --- a/sys/dev/sound/pcm/dsp.c +++ b/sys/dev/sound/pcm/dsp.c @@ -2295,8 +2295,7 @@ dsp_stdclone(char *name, char *namep, char *sep, int use_sep, int *u, int *c) size_t len; len = strlen(namep); - - if (bcmp(name, namep, len) != 0) + if (strncmp(name, namep, len) != 0) return (ENODEV); name += len; diff --git a/sys/kern/kern_conf.c b/sys/kern/kern_conf.c index 089ec5bd6c3f..e1c67876241f 100644 --- a/sys/kern/kern_conf.c +++ b/sys/kern/kern_conf.c @@ -1256,7 +1256,7 @@ dev_stdclone(char *name, char **namep, const char *stem, int *unit) int u, i; i = strlen(stem); - if (bcmp(stem, name, i) != 0) + if (strncmp(stem, name, i) != 0) return (0); if (!isdigit(name[i])) return (0); |