Source-Changes-HG archive


[src/trunk]: src/sys/kern Restrict the size given to copyoutstr. It is safer ...



details:   https://anonhg.NetBSD.org/src/rev/eb96d93cfec4
branches:  trunk
changeset: 461708:eb96d93cfec4
user:      maxv <maxv%NetBSD.org@localhost>
date:      Mon Jul 01 17:15:43 2019 +0000

description:
Restrict the size given to copyoutstr. It is safer to do that; even if
there is no actual bug here, since the buffer is guaranteed to be NUL
terminated.

With KASAN we check the whole buffer to cover the "worst" case, and here
it triggered false positives because the buffer size was not filtered.

diffstat:

 sys/kern/sys_lwp.c |  9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diffs (37 lines):

diff -r 3f32211e43f1 -r eb96d93cfec4 sys/kern/sys_lwp.c
--- a/sys/kern/sys_lwp.c        Mon Jul 01 07:57:01 2019 +0000
+++ b/sys/kern/sys_lwp.c        Mon Jul 01 17:15:43 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: sys_lwp.c,v 1.67 2019/05/03 22:34:21 kamil Exp $       */
+/*     $NetBSD: sys_lwp.c,v 1.68 2019/07/01 17:15:43 maxv Exp $        */
 
 /*-
  * Copyright (c) 2001, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_lwp.c,v 1.67 2019/05/03 22:34:21 kamil Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_lwp.c,v 1.68 2019/07/01 17:15:43 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -839,6 +839,7 @@
        } */
        char name[MAXCOMLEN];
        lwpid_t target;
+       size_t len;
        proc_t *p;
        lwp_t *t;
 
@@ -859,7 +860,9 @@
        lwp_unlock(t);
        mutex_exit(p->p_lock);
 
-       return copyoutstr(name, SCARG(uap, name), SCARG(uap, len), NULL);
+       len = uimin(SCARG(uap, len), sizeof(name));
+
+       return copyoutstr(name, SCARG(uap, name), len, NULL);
 }
 
 int
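
Review bot: uimin() in the added `len = uimin(SCARG(uap, len), sizeof(name));` line takes and returns unsigned int, while the result is stored in the size_t `len`. If the syscall argument is wider than unsigned int, its upper bits are dropped before the comparison, so a very large request can be clamped to a small or zero length instead of to sizeof(name). The copy stays within `name` either way, but a size_t-typed minimum, for example MIN(SCARG(uap, len), sizeof(name)) from the already included <sys/param.h>, would clamp without the narrowing. A one-line comment above the clamp saying that it bounds the range KASAN checks would also help, since the commit message states there is no actual bug here and a later reader may otherwise remove it as redundant.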


