HomeFreeBSD

Fix buffer overread in preloaded hostuuid parsing

Description

Fix buffer overread in preloaded hostuuid parsing

Commit b6be9566d236 stopped prison0_init writing outside of the
preloaded hostuuid's bounds. However, the preloaded data will not
(normally) have a NUL in it, and so validate_uuid will walk off the end
of the buffer in its call to sscanf. Previously if there was any
whitespace in the string we'd at least know there's a NUL one past the
end due to the off-by-one error, but now no such byte is guaranteed.

Fix this by copying to a temporary buffer and explicitly adding a NUL.

Whilst here, change the strlcpy call to use a far less suspicious
argument for dstsize; in practice it's fine, but it's an unusual pattern
and not necessary.

Found by: CHERI
Reviewed by: emaste, kevans, jhb
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D33616

(cherry picked from commit d2ef3774306c54f3999732fd02bdff39c6b4cf2a)

Details

Provenance
jrtc27Authored on Dec 22 2021, 4:47 PM
Reviewer
emaste
Differential Revision
D33616: Fix buffer overread in preloaded hostuuid parsing
Parents
rG5d10ed57e655: libc: Fix "harmless" iconv one-byte overread
Branches
Unknown
Tags
Unknown