[Midnightbsd-cvs] src [6926] trunk/sys/kern/kern_prot.c: dont leak kernel memory with setlogin call

[laffer1 at midnightbsd.org]

Revision: 6926
          http://svnweb.midnightbsd.org/src/?rev=6926
Author:   laffer1
Date:     2014-11-04 22:39:25 -0500 (Tue, 04 Nov 2014)
Log Message:
-----------
dont leak kernel memory with setlogin call

Modified Paths:
--------------
    trunk/sys/kern/kern_prot.c

Modified: trunk/sys/kern/kern_prot.c
===================================================================
--- trunk/sys/kern/kern_prot.c	2014-11-05 03:37:38 UTC (rev 6925)
+++ trunk/sys/kern/kern_prot.c	2014-11-05 03:39:25 UTC (rev 6926)
@@ -2073,19 +2073,20 @@
 int
 sys_getlogin(struct thread *td, struct getlogin_args *uap)
 {
-	int error;
 	char login[MAXLOGNAME];
 	struct proc *p = td->td_proc;
+	size_t len;
 
 	if (uap->namelen > MAXLOGNAME)
 		uap->namelen = MAXLOGNAME;
 	PROC_LOCK(p);
 	SESS_LOCK(p->p_session);
-	bcopy(p->p_session->s_login, login, uap->namelen);
+	len = strlcpy(login, p->p_session->s_login, uap->namelen) + 1;
 	SESS_UNLOCK(p->p_session);
 	PROC_UNLOCK(p);
-	error = copyout(login, uap->namebuf, uap->namelen);
-	return(error);
+	if (len > uap->namelen)
+		return (ERANGE);
+	return (copyout(login, uap->namebuf, len));
 }
 
 /*
@@ -2104,21 +2105,23 @@
 	int error;
 	char logintmp[MAXLOGNAME];
 
+	CTASSERT(sizeof(p->p_session->s_login) >= sizeof(logintmp));
+
 	error = priv_check(td, PRIV_PROC_SETLOGIN);
 	if (error)
 		return (error);
 	error = copyinstr(uap->namebuf, logintmp, sizeof(logintmp), NULL);
-	if (error == ENAMETOOLONG)
-		error = EINVAL;
-	else if (!error) {
-		PROC_LOCK(p);
-		SESS_LOCK(p->p_session);
-		(void) memcpy(p->p_session->s_login, logintmp,
-		    sizeof(logintmp));
-		SESS_UNLOCK(p->p_session);
-		PROC_UNLOCK(p);
+	if (error != 0) {
+		if (error == ENAMETOOLONG)
+			error = EINVAL;
+		return (error);
 	}
-	return (error);
+	PROC_LOCK(p);
+	SESS_LOCK(p->p_session);
+	strcpy(p->p_session->s_login, logintmp);
+	SESS_UNLOCK(p->p_session);
+	PROC_UNLOCK(p);
+	return (0);
 }
 
 void