Re: String functions considered unsafe in kernel

From: Ryan Stone <rysto32_at_gmail.com>
Date: Fri, 3 Sep 2021 13:45:41 -0400

It's straight-up a bug to do *anything* directly on a user-provided
string. You must use copyinstr to copy it into a kernel buffer first,
which guarantees null termination.  In legacy cases where a
user-provided buffer could be legitimately not null-terminated, such as in
a struct sockaddr_un, developers must take care to null-terminate the
string themselves after copyin.
Received on Fri Sep 03 2021 - 17:45:41 UTC
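
The sockaddr_un case described in the message above, as an added example that is not part of the original post and is not FreeBSD source: a userspace C model in which `model_copyin` and `sun_path_copy` are hypothetical names and a plain memcpy stands in for copyin(9). It shows the length bounding and explicit termination that the copy itself does not provide.

```c
/* Added example: userspace model, not FreeBSD kernel source. */
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical stand-in for copyin(9). The real call also validates the
 * user address; like this memcpy, it does not add a terminator. */
static int model_copyin(const void *uaddr, void *kaddr, size_t len)
{
    memcpy(kaddr, uaddr, len);
    return 0;
}

/* Hypothetical helper: copy a caller-supplied sockaddr_un of `len` bytes and
 * write its path, NUL-terminated, into path[pathsz]. Returns 0 or an errno. */
int sun_path_copy(const void *uaddr, size_t len, char *path, size_t pathsz)
{
    struct sockaddr_un sun;
    const size_t hdr = offsetof(struct sockaddr_un, sun_path);
    const char *nul;
    size_t n;
    int error;

    if (len < hdr || len > sizeof(sun))
        return EINVAL;                 /* caller-controlled length: bound it */
    memset(&sun, 0, sizeof(sun));
    if ((error = model_copyin(uaddr, &sun, len)) != 0)
        return error;

    n = len - hdr;                     /* path bytes actually supplied */
    if (n > sizeof(sun.sun_path))
        n = sizeof(sun.sun_path);
    nul = memchr(sun.sun_path, '\0', n);   /* never scan past those bytes */
    if (nul != NULL)
        n = (size_t)(nul - sun.sun_path);
    if (n + 1 > pathsz)
        return ENAMETOOLONG;
    memcpy(path, sun.sun_path, n);
    path[n] = '\0';                    /* terminate it ourselves */
    return 0;
}
```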
