From d4e79348283bfec78ba618c1610fef92698906f0 Mon Sep 17 00:00:00 2001
From: Jonas 'Sortie' Termansen <sortie@maxsi.org>
Date: Sun, 19 Jan 2014 18:30:07 +0100
Subject: [PATCH] Fix insecure user-space pointer dereferences in
 sys_kernelinfo.

---
 sortix/kernelinfo.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sortix/kernelinfo.cpp b/sortix/kernelinfo.cpp
index 494c069d..10f2740a 100644
--- a/sortix/kernelinfo.cpp
+++ b/sortix/kernelinfo.cpp
@@ -25,6 +25,7 @@
 #include <brand.h>
 #include <errno.h>
 
+#include <sortix/kernel/copy.h>
 #include <sortix/kernel/kernel.h>
 #include <sortix/kernel/syscall.h>
 
@@ -54,7 +55,8 @@ static ssize_t sys_kernelinfo(const char* req, char* resp, size_t resplen)
 	size_t stringlen = strlen(str);
 	if ( resplen < stringlen + 1 )
 		return errno = ERANGE, (ssize_t) stringlen;
-	strcpy(resp, str);
+	if ( !CopyToUser(resp, str, sizeof(char) * (stringlen + 1)) )
+		return -1;
 	return 0;
 }