> On Mar 29, 2025, at 9:38 PM, Taylor R Campbell <riastradh%netbsd.org@localhost> wrote:
>
> This is still broken: now it doesn't read past the end of the input
> buffer, but it leaves the bytes bi->bi_msg[rem], bi->bi_msg[rem + 1],
> bi->bi_msg[rem + 2] ..., bi->bi_msg[sizeof(bi->bi_msg) - 2]
> uninitialized, and will later dump this uninitialized heap data into
> syslog.
>
> I suggest you try the code I already suggested in my previous message:
>
> rem = MIN(sizeof(bi->bi_msg) - 1, rem);
> memcpy(bi->bi_msg, ub.bl.bl_data, rem);
> bi->bi_msg[rem] = '\0';
>
> This will initialize bi->bi_msg[0], bi->bi_msg[1], bi->bi_msg[2], ...,
> bi->bi_msg[rem - 2], bi->bi_msg[rem - 1], and bi->bi_msg[rem], with
> the last one being the NUL terminator. So nothing that goes out on
> syslog will be uninitialized heap data.
>
> And, please, cite the PR in the commit message like I _just asked_ in
> my previous message, so we can track these changes for pullup to 9 and
> 10.

Changed and referenced the PR, but I don't think it makes a difference since the whole bl structure is already memset(0). Perhaps I should remove all the '\0' assignments and leave a comment as kre@ suggested.

christos
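The bounded copy quoted in the thread, as an added example (not NetBSD's code): a poison-filled buffer stands in for uninitialized heap, and a check counts poison bytes that a `%s` conversion would emit, so the effect of the NUL terminator at `bi_msg[rem]` is visible both on a fresh buffer and on one that was `memset(0)` first. The struct, `BI_MSG_LEN` and the `POISON` value are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not NetBSD's code. bl_info_demo stands in for the struct
 * discussed in the thread; BI_MSG_LEN and POISON are assumptions. */
#define BI_MSG_LEN	32
#define POISON		0xAA	/* stand-in for an uninitialized heap byte */
#define MIN(a, b)	((a) < (b) ? (a) : (b))

struct bl_info_demo {
	char bi_msg[BI_MSG_LEN];
};

/* The bounded copy suggested in the thread: clamp rem so the terminator
 * always fits, copy exactly rem bytes, then NUL-terminate at bi_msg[rem].
 * Every byte syslog will read, bi_msg[0..rem], has now been written. */
size_t
copy_msg(struct bl_info_demo *bi, const char *bl_data, size_t rem)
{
	rem = MIN(sizeof(bi->bi_msg) - 1, rem);
	memcpy(bi->bi_msg, bl_data, rem);
	bi->bi_msg[rem] = '\0';
	return rem;
}

/* Count POISON bytes in the part of bi_msg a %s conversion would emit,
 * i.e. up to the first NUL (the whole buffer if there is none). Nonzero
 * means uninitialized data would reach the log. */
size_t
poison_bytes_before_nul(const struct bl_info_demo *bi)
{
	size_t leaked = 0;
	for (size_t i = 0; i < sizeof(bi->bi_msg) && bi->bi_msg[i] != '\0'; i++)
		if ((unsigned char)bi->bi_msg[i] == POISON)
			leaked++;
	return leaked;
}

/* Fill bi_msg with POISON (or zeros, as after memset(0)), copy input_len 'x'
 * bytes; return the copied length, or (size_t)-1 if POISON would reach the log. */
size_t
demo(size_t input_len, int prezeroed)
{
	struct bl_info_demo bi;
	char data[64];
	memset(&bi, prezeroed ? 0 : POISON, sizeof(bi));
	memset(data, 'x', sizeof(data));
	size_t copied = copy_msg(&bi, data, MIN(input_len, sizeof(data)));
	return poison_bytes_before_nul(&bi) ? (size_t)-1 : copied;
}
```

An input longer than the buffer is clamped to `BI_MSG_LEN - 1` bytes and still terminated, so no poison byte precedes the NUL whether or not the struct was zeroed beforehand.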