Re: String functions considered unsafe in kernel

It's straight-up a bug to do *anything* directly on a user-provided
string. You must use copyinstr to copy it into a kernel buffer first,
which guarantees null termination.  In legacy cases where a user
provided buffer could be legitimately not null-terminated, such as in
a struct sockaddr_un, developers must take care to null-terminate the
string themselves after copyin.