Page MenuHomeFreeBSD

Properly null-terminate strings in a kernel dump header
ClosedPublic

Authored by asomers on May 15 2015, 10:30 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Jul 4, 7:03 AM
Unknown Object (File)
Fri, Jul 3, 12:29 PM
Unknown Object (File)
Thu, Jul 2, 10:50 PM
Unknown Object (File)
Thu, Jul 2, 4:10 PM
Unknown Object (File)
Wed, Jul 1, 9:22 AM
Unknown Object (File)
Apr 21 2026, 2:34 AM
Unknown Object (File)
Apr 20 2026, 3:10 AM
Unknown Object (File)
Apr 20 2026, 3:10 AM
Subscribers

Details

Summary

A version string longer than 192 bytes will cause the version field of
a dump header to overflow. strncpy doesn't null terminate it, so savecore will
print a corrupted info file. Using strlcpy fixes the bug.

Test Plan

Build a kernel with a very long version string and use it to
generate a panic, then dump core. Check that the Panic String is not embedded
at the end of the Version String line.Version String line.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

asomers retitled this revision from to Properly null-terminate strings in a kernel dump header.
asomers updated this object.
asomers edited the test plan for this revision. (Show Details)
asomers added a reviewer: markj.
asomers added a subscriber: peter.
markj edited edge metadata.
This revision is now accepted and ready to land.May 15 2015, 10:58 PM
This revision was automatically updated to reflect the committed changes.