svn commit: r319487 - head/usr.sbin/bhyve
Peter Grehan
grehan at freebsd.org
Sat Jun 10 18:14:36 UTC 2017
Hi Conrad,
> Here, keystr is not zero initialized....
> Note that strncpy below does not fill the remainder of the buffer with
> nuls if rc->password is shorter than 7 characters.
>
>> + * The client then sends the resulting 16-bytes response.
>> + */
>> +#ifndef NO_OPENSSL
>> + strncpy(keystr, rc->password, PASSWD_LENGTH);
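
Review bot: the strncpy(keystr, rc->password, PASSWD_LENGTH) call writes no terminating NUL when rc->password is PASSWD_LENGTH characters or longer, and it silently truncates the password in that case. keystr is therefore only safe to read as a fixed PASSWD_LENGTH-byte buffer, never as a C string. strncpy() does pad the rest of the destination with NULs when the source is shorter, so the short-password case is covered by the call itself. Suggest a one-line comment above the call saying that keystr is a fixed-length, NUL-padded, possibly unterminated key buffer and whether truncating longer passwords is intended.
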
strncpy() is specified to zero-fill if the source is shorter than the
length. Are we missing something?

The other issues you brought up look valid.

later,

Peter.