linux-user: Don't write off end of new_utsname buffer

Use g_strlcpy() rather than strcpy() to copy the uname string into the structure we return to the guest for the uname syscall. This avoids overrunning the buffer if the user passed us an overlong string via the QEMU command line. We fix a comment typo while we're in the neighbourhood. Signed-off-by: N Peter Maydell <peter.maydell@linaro.org> Signed-off-by: N Riku Voipio <riku.voipio@linaro.org>

linux-user: Don't write off end of new_utsname buffer
Use g_strlcpy() rather than strcpy() to copy the uname string into the structure we return to the guest for the uname syscall. This avoids overrunning the buffer if the user passed us an overlong string via the QEMU command line. We fix a comment typo while we're in the neighbourhood. Signed-off-by: N Peter Maydell <peter.maydell@linaro.org> Signed-off-by: N Riku Voipio <riku.voipio@linaro.org>
332c9781 · Peter Maydell · Riku Voipio · ba4b3f66 · 332c9781
隐藏空白更改
内联并排

Showing with 5 addition and 3 deletion

linux-user/syscall.c linux-user/syscall.c +5 -3

未找到文件。
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9237,12 +9237,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
                goto efault;
            ret = get_errno(sys_uname(buf));
            if (!is_error(ret)) {
-                /* Overrite the native machine name with whatever is being
+                /* Overwrite the native machine name with whatever is being
                   emulated. */
                strcpy (buf->machine, cpu_to_uname_machine(cpu_env));
                /* Allow the user to override the reported release.  */
-                if (qemu_uname_release && *qemu_uname_release)
-                  strcpy (buf->release, qemu_uname_release);
+                if (qemu_uname_release && *qemu_uname_release) {
+                    g_strlcpy(buf->release, qemu_uname_release,
+                              sizeof(buf->release));
+                }
            }
            unlock_user_struct(buf, arg1, 1);
        }