From b09cd6786047e4572f98a7703992fe96e4312da7 Mon Sep 17 00:00:00 2001
From: cinap_lenrek
Date: Thu, 6 Aug 2015 11:48:51 +0200
Subject: kernel: validnamedup() the name argument for segattach() this moves the name validation out of segattach() to syssegattach() to make sure the segment name cannot be changed by the user while segattach looks at it.
---
 sys/src/9/port/segment.c | 3 ---
 sys/src/9/port/sysproc.c | 11 ++++++++++-
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/sys/src/9/port/segment.c b/sys/src/9/port/segment.c
index d7124caef..a9eb26eaf 100644
--- a/sys/src/9/port/segment.c
+++ b/sys/src/9/port/segment.c
@@ -604,9 +604,6 @@ segattach(Proc *p, ulong attr, char *name, uintptr va, uintptr len)
 if(va != 0 && va >= USTKTOP)
 error(Ebadarg);
 
- validaddr((uintptr)name, 1, 0);
- vmemchr(name, 0, ~0);
-
 for(sno = 0; sno < NSEG; sno++)
 if(p->seg[sno] == nil && sno != ESEG)
 break;
diff --git a/sys/src/9/port/sysproc.c b/sys/src/9/port/sysproc.c
index 597398cb9..0a71a0c03 100644
--- a/sys/src/9/port/sysproc.c
+++ b/sys/src/9/port/sysproc.c
@@ -775,7 +775,16 @@ syssegattach(va_list list)
 name = va_arg(list, char*);
 va = va_arg(list, uintptr);
 len = va_arg(list, ulong);
- return segattach(up, attr, name, va, len);
+ validaddr((uintptr)name, 1, 0);
+ name = validnamedup(name, 1);
+ if(waserror()){
+ free(name);
+ nexterror();
+ }
+ va = segattach(up, attr, name, va, len);
+ free(name);
+ poperror();
+ return va;
 }
 
 uintptr
--
cgit v1.2.3
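Review bot: The copy-then-use sequence added to syssegattach() (sys/src/9/port/sysproc.c) has no comment explaining why the name is duplicated, yet segattach() now depends on it: the segment.c hunk drops the `validaddr`/`vmemchr` checks, so segattach() reads `name` on the assumption that it is already a validated kernel copy. I would add above the `validnamedup` line something like `/* copy name into kernel memory so the user cannot modify it while segattach() reads it */`, and a one-line note on segattach() that `name` must not be a user pointer. Any other caller of segattach() lies outside this diff and should be checked for the same guarantee. syssegattach() begins before the hunk, so its declarations are not visible here.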