authortobhe <tobhe@cvs.openbsd.org>2020-03-29 11:34:31 +0000
committertobhe <tobhe@cvs.openbsd.org>2020-03-29 11:34:31 +0000
commit9b091ce074ea218c087337d6a0c2988b56bd013c (patch)
treeb755e3454a796c76fc4b14ba980b4e0448809af5
parent1b11556ef2a894817f49242bbe7495f926e3390c (diff)
Prevent out of bounds read in strlcpy due to vcp_name not being NUL-terminated.
Reported-by: syzbot+48e38ebd31c030b5841c@syzkaller.appspotmail.com Found by Greg Steuck <greg (at) nest (dot) cx> Discussed with deraadt@
-rw-r--r--sys/arch/amd64/amd64/vmm.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/arch/amd64/amd64/vmm.c b/sys/arch/amd64/amd64/vmm.c
index 6a5a5662b77..b0a08291108 100644
--- a/sys/arch/amd64/amd64/vmm.c
+++ b/sys/arch/amd64/amd64/vmm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vmm.c,v 1.268 2020/03/16 08:21:16 jasper Exp $ */
+/* $OpenBSD: vmm.c,v 1.269 2020/03/29 11:34:30 tobhe Exp $ */
/*
* Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
*
@@ -1167,7 +1167,7 @@ vm_create(struct vm_create_params *vcp, struct proc *p)
memcpy(vm->vm_memranges, vcp->vcp_memranges,
vm->vm_nmemranges * sizeof(vm->vm_memranges[0]));
vm->vm_memory_size = memsize;
- strlcpy(vm->vm_name, vcp->vcp_name, VMM_MAX_NAME_LEN);
+ strncpy(vm->vm_name, vcp->vcp_name, VMM_MAX_NAME_LEN - 1);
rw_enter_write(&vmm_softc->vm_lock);