From 1f3d09306bf5d3572c0cda033a4c83603216c598 Mon Sep 17 00:00:00 2001
From: Konstantin Belousov <kib@FreeBSD.org>
Date: Sun, 18 Apr 2021 19:09:30 +0300
Subject: [PATCH] sysctl_handle_string: do not malloc when SYSCTL_IN cannot
 fault

(cherry picked from commit 4342ba184c15f3b8912e95f93fe313731963f065)
---
 sys/kern/kern_sysctl.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index ffb6ac196ba..4bfe7073e5a 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1785,6 +1785,15 @@ sysctl_handle_string(SYSCTL_HANDLER_ARGS)
 		sx_xlock(&sysctlstringlock);
 		((char *)arg1)[0] = '\0';
 		sx_xunlock(&sysctlstringlock);
+	} else if (req->newfunc == sysctl_new_kernel) {
+		arg2 = req->newlen - req->newidx;
+		sx_xlock(&sysctlstringlock);
+		error = SYSCTL_IN(req, arg1, arg2);
+		if (error == 0) {
+			((char *)arg1)[arg2] = '\0';
+			req->newidx += arg2;
+		}
+		sx_xunlock(&sysctlstringlock);
 	} else {
 		arg2 = req->newlen - req->newidx;
 		tmparg = malloc(arg2, M_SYSCTLTMP, M_WAITOK);