From e72bbca9ebff6a738c5cb2487179840a4bd746c9 Mon Sep 17 00:00:00 2001
From: Idan Horowitz
Date: Thu, 13 Jan 2022 00:30:58 +0200
Subject: [PATCH] Kernel: Fix OOB write in sys$uname
Since this was only out of bounds of the specific field, not of the whole struct, and because setting the hostname requires root privileges this was not actually a security vulnerability.
---
 Kernel/Syscalls/uname.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/Kernel/Syscalls/uname.cpp b/Kernel/Syscalls/uname.cpp
index b652630bb8..ea8128d660 100644
--- a/Kernel/Syscalls/uname.cpp
+++ b/Kernel/Syscalls/uname.cpp
@@ -24,7 +24,9 @@ ErrorOr Process::sys$uname(Userspace user_buf)
 #endif
 hostname().with_shared([&](const auto& name) {
- memcpy(buf.nodename, name->characters(), name->length() + 1);
+ auto length = min(name->length(), UTSNAME_ENTRY_LEN - 1);
+ memcpy(buf.nodename, name->characters(), length);
+ buf.nodename[length] = '\0';
 });
 TRY(copy_to_user(user_buf, &buf));
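Review bot: A hostname longer than `UTSNAME_ENTRY_LEN - 1` is now silently truncated inside the `with_shared` lambda, so the caller receives a shortened nodename with no error or log. A one-line comment such as `// nodename is a fixed-size field: clamp the copy and always NUL-terminate` would record that the truncation is intended. Rejecting over-long names at the point where the hostname is set would remove the case altogether, if that path does not already bound the length. Separately, the bytes of `buf.nodename` after the terminator are not written here and `copy_to_user` copies the whole struct, so it is worth confirming that `buf` is zero-initialized at its declaration; otherwise stale kernel stack bytes could reach userspace. That declaration and the rest of the function body lie outside this hunk.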