Source-Changes-HG archive


[src/trunk]: src/sys/kern Restrict the size given to copyoutstr. It is safer ...



details:   https://anonhg.NetBSD.org/src/rev/f2af4efbf4fb
branches:  trunk
changeset: 457542:f2af4efbf4fb
user:      maxv <maxv%NetBSD.org@localhost>
date:      Mon Jul 01 17:15:43 2019 +0000

description:
Restrict the size given to copyoutstr. It is safer to do that; even if
there is no actual bug here, since the buffer is guaranteed to be NUL
terminated.

With KASAN we check the whole buffer to cover the "worst" case, and here
it triggered false positives because the buffer size was not filtered.

diffstat:

 sys/kern/sys_lwp.c |  9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diffs (37 lines):

diff -r bfc360e2c717 -r f2af4efbf4fb sys/kern/sys_lwp.c
--- a/sys/kern/sys_lwp.c        Mon Jul 01 07:57:01 2019 +0000
+++ b/sys/kern/sys_lwp.c        Mon Jul 01 17:15:43 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: sys_lwp.c,v 1.67 2019/05/03 22:34:21 kamil Exp $       */
+/*     $NetBSD: sys_lwp.c,v 1.68 2019/07/01 17:15:43 maxv Exp $        */
 
 /*-
  * Copyright (c) 2001, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: sys_lwp.c,v 1.67 2019/05/03 22:34:21 kamil Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sys_lwp.c,v 1.68 2019/07/01 17:15:43 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -839,6 +839,7 @@
        } */
        char name[MAXCOMLEN];
        lwpid_t target;
+       size_t len;
        proc_t *p;
        lwp_t *t;
 
@@ -859,7 +860,9 @@
        lwp_unlock(t);
        mutex_exit(p->p_lock);
 
-       return copyoutstr(name, SCARG(uap, name), SCARG(uap, len), NULL);
+       len = uimin(SCARG(uap, len), sizeof(name));
+
+       return copyoutstr(name, SCARG(uap, name), len, NULL);
 }
 
 int
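Review bot: On the `len = uimin(SCARG(uap, len), sizeof(name));` line, uimin() compares unsigned int values while the new local `len` and sizeof(name) are size_t, so if the user-supplied length argument is wider than unsigned int it is narrowed before the comparison. The result is still bounded by sizeof(name), so the copyoutstr() call stays inside name[], but a large length whose low 32 bits are small (a multiple of 2^32 becomes 0) would be clamped below the caller's real buffer size and the copy could fail where it previously succeeded. A size_t-safe minimum such as MIN() from <sys/param.h>, which this file already includes, avoids the narrowing. A one-line comment stating that the clamp keeps the length within name[] for KASAN's whole-buffer check would also help, since that reason currently appears only in the commit message.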


