On Sat, Mar 28, 2020 at 06:47:47PM -0600, Theo de Raadt wrote:
> Or strncpy with length - 1 would be also good, since it won't copy
> foo\0bar\0
> fully, but only
> foo\0
> into the buffer and store it as
> foo\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
> and guarantee the \0 on the in-kernel buffer.
Agree, this sounds even better.

Index: vmm.c =================================================================== RCS file: /cvs/src/sys/arch/amd64/amd64/vmm.c,v retrieving revision 1.268 diff -u -p -r1.268 vmm.c --- vmm.c 16 Mar 2020 08:21:16 -0000 1.268 +++ vmm.c 29 Mar 2020 00:52:05 -0000 @@ -1167,7 +1167,7 @@ vm_create(struct vm_create_params *vcp, memcpy(vm->vm_memranges, vcp->vcp_memranges, vm->vm_nmemranges * sizeof(vm->vm_memranges[0])); vm->vm_memory_size = memsize; - strlcpy(vm->vm_name, vcp->vcp_name, VMM_MAX_NAME_LEN); + strncpy(vm->vm_name, vcp->vcp_name, VMM_MAX_NAME_LEN - 1); rw_enter_write(&vmm_softc->vm_lock);
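
Review bot: In the `+ strncpy(vm->vm_name, vcp->vcp_name, VMM_MAX_NAME_LEN - 1);` line, termination now depends on vm->vm_name[VMM_MAX_NAME_LEN - 1] already being zero, and nothing in the visible context of vm_create() shows that. strncpy does not write a NUL when the source fills all VMM_MAX_NAME_LEN - 1 bytes, so either confirm that vm is zero-filled when it is allocated or set the last byte explicitly after the copy. A short comment saying why strncpy is used here instead of strlcpy would also keep someone from switching it back later.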
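
The strncpy behaviour described in the quoted text, as an added userland example that is not part of the original message or the OpenBSD source. NAME_LEN, copy_name and tail_is_clean are hypothetical stand-ins, the inputs are constructed, and the third case shows what happens when the destination is not zeroed before the copy.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* constructed stand-in for VMM_MAX_NAME_LEN */

/* Hypothetical helper: copy a fixed-size, possibly unterminated name field.
 * strncpy with NAME_LEN - 1 never reads src[NAME_LEN - 1] and never writes
 * dst[NAME_LEN - 1], so termination relies on that byte already being 0. */
static void copy_name(char *dst, const char *src, int prezero)
{
    memset(dst, prezero ? 0 : 'Z', NAME_LEN);  /* 'Z' models stale memory */
    strncpy(dst, src, NAME_LEN - 1);           /* stops at first NUL, pads with NULs */
}

/* 1 if dst holds a NUL and every byte after the first NUL is also NUL. */
static int tail_is_clean(const char *dst)
{
    size_t i = 0;
    while (i < NAME_LEN && dst[i] != '\0')
        i++;
    if (i == NAME_LEN)
        return 0;                               /* no terminator at all */
    for (; i < NAME_LEN; i++)
        if (dst[i] != '\0')
            return 0;                           /* stale byte after the string */
    return 1;
}

/* Source "foo\0bar\0XXXXXXXX": only "foo" may reach the destination. */
int demo_embedded_nul(void)
{
    char src[NAME_LEN], dst[NAME_LEN];
    memset(src, 'X', NAME_LEN);
    memcpy(src, "foo\0bar", 8);
    copy_name(dst, src, 1);
    return strcmp(dst, "foo") == 0 && tail_is_clean(dst);
}

/* Source with no NUL anywhere; prezero selects a zeroed or stale destination. */
int demo_unterminated(int prezero)
{
    char src[NAME_LEN], dst[NAME_LEN];
    memset(src, 'A', NAME_LEN);
    copy_name(dst, src, prezero);
    return tail_is_clean(dst);
}

int main(void)
{
    printf("embedded NUL: %d\n", demo_embedded_nul());
    printf("unterminated, zeroed dst: %d\n", demo_unterminated(1));
    printf("unterminated, stale dst: %d\n", demo_unterminated(0));
    return 0;
}
```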