From 0104d652e0973002606a0e4929f1dc7cae18fbaa Mon Sep 17 00:00:00 2001 From: ngie Date: Fri, 13 May 2016 08:41:09 +0000 Subject: [PATCH] MFC r298337: r298337 (by cem): pty(4): Use strlcpy to guarantee destination buffer isn't overrun The devtoname() name is strcpyed into a small stack buffer. Sure, we always expect the name to be ttyXX (or ptyXX). If that's the case, strlcpy() doesn't hurt. CID: 1006768 git-svn-id: svn://svn.freebsd.org/base/stable/10@299623 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- sys/dev/pty/pty.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/pty/pty.c b/sys/dev/pty/pty.c index e38ed6924..5036cb292 100644 --- a/sys/dev/pty/pty.c +++ b/sys/dev/pty/pty.c @@ -67,7 +67,7 @@ ptydev_fdopen(struct cdev *dev, int fflags, struct thread *td, struct file *fp) return (EBUSY); /* Generate device name and create PTY. */ - strcpy(name, devtoname(dev)); + strlcpy(name, devtoname(dev), sizeof(name)); name[0] = 't'; error = pts_alloc_external(fflags & (FREAD|FWRITE), td, fp, dev, name); -- 2.45.0