Fix several dev_clone callbacks to avoid out-of-bounds reads

Use strncmp() instead of bcmp(), so that we don't have to find the minimum of the string lengths before comparing. Reviewed by: kib Reported by: KASAN MFC after: 3 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29463
2024-11-27 00:33:30 +00:00 · 2021-03-28 11:08:36 -04:00 · 2021-03-28 11:08:36 -04:00 · 3428b6c050
commit 3428b6c050
parent 1c1ff79795
2 changed files with 2 additions and 3 deletions
--- a/sys/dev/sound/pcm/dsp.c
+++ b/sys/dev/sound/pcm/dsp.c
@ -2294,8 +2294,7 @@ dsp_stdclone(char *name, char *namep, char *sep, int use_sep, int *u, int *c)
 	size_t len;

 	len = strlen(namep);
-
-	if (bcmp(name, namep, len) != 0)
+	if (strncmp(name, namep, len) != 0)
 		return (ENODEV);

 	name += len;
--- a/sys/kern/kern_conf.c
+++ b/sys/kern/kern_conf.c
@ -1255,7 +1255,7 @@ dev_stdclone(char *name, char **namep, const char *stem, int *unit)
 	int u, i;

 	i = strlen(stem);
-	if (bcmp(stem, name, i) != 0)
+	if (strncmp(stem, name, i) != 0)
 		return (0);
 	if (!isdigit(name[i]))
 		return (0);