
From: Bob Beck <beck@obtuse.com>
Subject: Re: Maybe strlen is unnecessary in kern_unveil.c
To: Theo de Raadt <deraadt@openbsd.org>
Cc: Sebastien Marie <semarie@kapouay.eu.org>, Christian Schulte <cs@schulte.it>, tech@openbsd.org
Date: Wed, 19 Nov 2025 10:23:46 -0700

> On Nov 19, 2025, at 10:00, Theo de Raadt <deraadt@openbsd.org> wrote:
> 
> I've seen so much trouble from taking a buffer, which is not actually
> a string, and start trying to add half-measures to NUL terminate or
> check for NUL-termination, so that is now kind of like a string.
> Soon, someone dealing with the code sees those checks and starts to
> believe it is a string but it isn't, and now a bug gets introduced,
> and quite often these problems are related to the +1 accounting for
> the NUL.  Like here :)
> 
> So my gut feeling has always been that if an object is a non-string buffer,
> every single line of code should treat it like a non-string to avoid
> the confusion.
> 

And indeed, when unveil was being written, its focus was to do that
everywhere it could, as many of the strings in the kernel relating to
namei are *not* \0 terminated (as they are ptr/len pairs pointing to
something inside a larger object).

This is not OpenSSL. It's the kernel. You should not assume an array
of characters is \0 terminated, as it frequently is not, and not just in unveil.
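To make the point concrete, here is an added example (not code from this thread or from OpenBSD's kern_unveil.c) of a namei-style ptr/len path component living inside a larger buffer: calling strlen() on its pointer quietly measures the rest of the enclosing buffer, while treating it as a ptr/len pair throughout, including the len + 1 needed only when it is deliberately materialised as a C string, keeps the accounting honest. The struct and function names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A path component as namei-style code hands it around: a pointer into a
 * larger buffer plus a length. There is no NUL at ptr[len]; what follows is
 * whatever the rest of the enclosing path happens to contain. */
struct comp {
	const char *ptr;
	size_t len;
};

/* Carve the first component of path (up to the next '/') into a ptr/len
 * pair. The result points into path and is not a string in its own right. */
struct comp first_component(const char *path, size_t pathlen)
{
	struct comp c = { path, 0 };

	while (c.len < pathlen && path[c.len] != '/')
		c.len++;
	return c;
}

/* Compare a ptr/len component against a real C string. Only name may be
 * handed to strlen(); the component is compared by its own length. */
int comp_equals(const struct comp *c, const char *name)
{
	size_t nlen = strlen(name);

	return c->len == nlen && memcmp(c->ptr, name, nlen) == 0;
}

/* Materialise a component as a C string. This is the one place the +1 for
 * the NUL belongs; the caller must supply len + 1 bytes. Returns 0 on
 * success, -1 if dst is too small. */
int comp_to_cstr(const struct comp *c, char *dst, size_t dstsz)
{
	if (c->len + 1 > dstsz)
		return -1;
	memcpy(dst, c->ptr, c->len);
	dst[c->len] = '\0';
	return 0;
}

int main(void)
{
	const char path[] = "etc/passwd";	/* constructed sample path */
	struct comp c = first_component(path, sizeof(path) - 1);

	/* len is 3, but strlen(c.ptr) walks on to the end of "etc/passwd". */
	printf("component len %zu, strlen(ptr) %zu\n", c.len, strlen(c.ptr));
	return comp_equals(&c, "etc") ? 0 : 1;
}
```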