From: Bob Beck
Subject: Re: Maybe strlen is unnecessary in kern_unveil.c
To: Theo de Raadt
Cc: Sebastien Marie, Christian Schulte, tech@openbsd.org
Date: Wed, 19 Nov 2025 10:23:46 -0700

> On Nov 19, 2025, at 10:00, Theo de Raadt wrote:
>
> I've seen so much trouble from taking a buffer, which is not actually
> a string, and start trying to add half-measures to NUL terminate
> or check for NUL-termination, so that is now kind of like a string.
> Soon, someone dealing with the code sees those checks and starts to
> believe it is a string but it isn't, and now a bug gets introduced,
> and quite often these problems are related to the +1 accounting for
> the NUL. Like here :)
>
> So my gut feeling has always been that if an object is a non-string buffer,
> every single line of code should treat it like a non-string to avoid
> the confusion.
>

And indeed, when unveil was being written, its focus was to do that everywhere it could, as many of the strings in the kernel relating to namei are *not* \0 terminated (as they are ptr/len pairs pointing to something inside a larger object).

This is not OpenSSL. It’s the Kernel. You should not assume an array of characters is \0 terminated, as it frequently is not, and not just in unveil.
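
The ptr/len handling discussed in this message, sketched as an added userland C example (not OpenBSD kernel code and not from anyone in the thread). `struct name_ref` and the function names are hypothetical; the point is that every line works from the length and never from a terminator.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical ptr/len name: points into a larger buffer, NOT NUL-terminated. */
struct name_ref {
	const char *ptr;
	size_t len;
};

/*
 * Find the next '/'-separated component of path[0..pathlen), starting at *off.
 * Returns 1 and fills *out, or 0 when no components remain.
 * Never reads path[pathlen] or beyond.
 */
int
next_component(const char *path, size_t pathlen, size_t *off,
    struct name_ref *out)
{
	size_t i = *off;

	while (i < pathlen && path[i] == '/')
		i++;
	if (i == pathlen)
		return 0;
	out->ptr = path + i;
	while (i < pathlen && path[i] != '/')
		i++;
	out->len = i - (size_t)(out->ptr - path);
	*off = i;
	return 1;
}

/* Compare two ptr/len names: lengths first, then bytes. No strlen, no +1. */
int
name_equal(const struct name_ref *a, const struct name_ref *b)
{
	return a->len == b->len && memcmp(a->ptr, b->ptr, a->len) == 0;
}

/* Count the components of path[0..pathlen) that equal *want. */
size_t
count_matches(const char *path, size_t pathlen, const struct name_ref *want)
{
	struct name_ref c;
	size_t off = 0, n = 0;

	while (next_component(path, pathlen, &off, &c))
		n += (size_t)name_equal(&c, want);
	return n;
}
```

A `strlen()` on any `name_ref.ptr` here would run past the component into whatever follows it in the enclosing buffer, which is the confusion the message warns about.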