Fixed a bug in kstrncpy() that caused mayhem whenever the buffer to be

copied into was the same size as the source string - it will keep on filling with zeroes forever. This was a signed/unsigned bug, fixed by making the kstrncpy argument ssize_t instead of size_t. This bug was triggered by Chris Young <teddga@earthlink.net>, by dazzling coincedence - changing OS_VERSION into something with one more character (exactly the same size as the buffer in the kinfo struct). Also noticed that the kstrncpy() call didn't null-terminate the strings if necessary, also fixed.
2005-07-13 14:46:11 +00:00 · 2005-07-13 14:46:11 +00:00 · f96645a4eb
parent 0f746219fc
commit f96645a4eb
3 changed files with 6 additions and 4 deletions
--- a/kernel/klibc.c
+++ b/kernel/klibc.c
@ -214,7 +214,7 @@ PUBLIC int kstrncmp(register const char *s1, register const char *s2, register s
 /*=========================================================================*
 *				kstrncpy				   *
 *=========================================================================*/
-PUBLIC char *kstrncpy(char *ret, register const char *s2, register size_t n)
+PUBLIC char *kstrncpy(char *ret, register const char *s2, register ssize_t n)
 {
  register char *s1 = ret;
  while((n-- > 0) && (*s1++ = *s2++)) 	/* copy up to n chars */
--- a/kernel/proto.h
+++ b/kernel/proto.h
@ -24,7 +24,7 @@ _PROTOTYPE( size_t kstrlen, (const char *s));
 _PROTOTYPE( int kstrncmp,
 	(register const char *s1, register const char *s2, register size_t n));
 _PROTOTYPE( char *kstrncpy, 
-	(char *s1, register const char *s2, register const size_t n));
+	(char *s1, register const char *s2, register const ssize_t n));
 #define karg(arg) (karg_t) (arg)
 _PROTOTYPE( void kprintf, (const char *fmt, karg_t arg)			);

--- a/kernel/start.c
+++ b/kernel/start.c
@ -55,8 +55,10 @@ U16_t parmoff, parmsize;	/* boot parameters offset and length */
  /* Record miscellaneous information for user-space servers. */
  kinfo.nr_procs = NR_PROCS;
  kinfo.nr_tasks = NR_TASKS;
-  kstrncpy(kinfo.release, OS_RELEASE, 4);
-  kstrncpy(kinfo.version, OS_VERSION, 4);
+  kstrncpy(kinfo.release, OS_RELEASE, sizeof(kinfo.release));
+  kinfo.release[sizeof(kinfo.release)-1] = '\0';
+  kstrncpy(kinfo.version, OS_VERSION, sizeof(kinfo.version));
+  kinfo.version[sizeof(kinfo.version)-1] = '\0';
  kinfo.proc_addr = (vir_bytes) proc;
  kinfo.kmem_base = vir2phys(0);
  kinfo.kmem_size = (phys_bytes) &end;