Fixed a bug in kstrncpy() that caused mayhem whenever the buffer to be

copied into was the same size as the source string - it will keep on
filling with zeroes forever. This was a signed/unsigned bug, fixed by
making the kstrncpy argument ssize_t instead of size_t. This bug was
triggered by Chris Young <teddga@earthlink.net>, by dazzling coincedence -
changing OS_VERSION into something with one more character (exactly the
same size as the buffer in the kinfo struct).

Also noticed that the kstrncpy() call didn't null-terminate the strings
if necessary, also fixed.

diff --git a/kernel/klibc.c b/kernel/klibc.c
index 7d8bb8167565339a4f8c21065b3a2d1c536fafd0..e960b8534d440bdffeb9c224aebac15b990014ef 100644 (file)
--- a/kernel/klibc.c
+++ b/kernel/klibc.c
@@ -214,7 +214,7 @@ PUBLIC int kstrncmp(register const char *s1, register const char *s2, register s
 /*=========================================================================*
  *                             kstrncpy                                   *
  *=========================================================================*/
-PUBLIC char *kstrncpy(char *ret, register const char *s2, register size_t n)
+PUBLIC char *kstrncpy(char *ret, register const char *s2, register ssize_t n)
 {
   register char *s1 = ret;
   while((n-- > 0) && (*s1++ = *s2++))  /* copy up to n chars */

diff --git a/kernel/proto.h b/kernel/proto.h
index 3ad557672a747b3f031e7805e2707881d9495b03..b26a21a0e74173d8b4eeea4610013089e40bd555 100755 (executable)
--- a/kernel/proto.h
+++ b/kernel/proto.h
@@ -24,7 +24,7 @@ _PROTOTYPE( size_t kstrlen, (const char *s));
 _PROTOTYPE( int kstrncmp,
        (register const char *s1, register const char *s2, register size_t n));
 _PROTOTYPE( char *kstrncpy, 
-       (char *s1, register const char *s2, register const size_t n));
+       (char *s1, register const char *s2, register const ssize_t n));
 #define karg(arg) (karg_t) (arg)
 _PROTOTYPE( void kprintf, (const char *fmt, karg_t arg)                        );
 

diff --git a/kernel/start.c b/kernel/start.c
index 7ef1c131c71b7bafecd5a65931e1a83c31ec5efa..bf82c6f92a379a2b6300d9cbd23a5a76125320be 100755 (executable)
--- a/kernel/start.c
+++ b/kernel/start.c
@@ -55,8 +55,10 @@ U16_t parmoff, parmsize;     /* boot parameters offset and length */
   /* Record miscellaneous information for user-space servers. */
   kinfo.nr_procs = NR_PROCS;
   kinfo.nr_tasks = NR_TASKS;
-  kstrncpy(kinfo.release, OS_RELEASE, 4);
-  kstrncpy(kinfo.version, OS_VERSION, 4);
+  kstrncpy(kinfo.release, OS_RELEASE, sizeof(kinfo.release));
+  kinfo.release[sizeof(kinfo.release)-1] = '\0';
+  kstrncpy(kinfo.version, OS_VERSION, sizeof(kinfo.version));
+  kinfo.version[sizeof(kinfo.version)-1] = '\0';
   kinfo.proc_addr = (vir_bytes) proc;
   kinfo.kmem_base = vir2phys(0);
   kinfo.kmem_size = (phys_bytes) &end;