From 1bcd4a2c6f3a256b2db03fc9421857a7f7963f34 Mon Sep 17 00:00:00 2001
From: CTurt <CTurt@users.noreply.github.com>
Date: Thu, 18 Feb 2016 10:33:04 +0000
Subject: [PATCH] HBSD: Fixed potential out of bounds read

More details: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207302

Signed-off-by: CTurt <cturt@hardenedbsd.org>
---
 sys/libkern/iconv.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sys/libkern/iconv.c b/sys/libkern/iconv.c
index b42c043e5e45..d47e44e11aa7 100644
--- a/sys/libkern/iconv.c
+++ b/sys/libkern/iconv.c
@@ -411,11 +411,11 @@ iconv_sysctl_add(SYSCTL_HANDLER_ARGS)
 		return EINVAL;
 	if (din.ia_datalen > ICONV_CSMAXDATALEN)
 		return EINVAL;
-	if (strlen(din.ia_from) >= ICONV_CSNMAXLEN)
+	if (strnlen(din.ia_from, sizeof(din.ia_from)) >= ICONV_CSNMAXLEN)
 		return EINVAL;
-	if (strlen(din.ia_to) >= ICONV_CSNMAXLEN)
+	if (strnlen(din.ia_to, sizeof(din.ia_to)) >= ICONV_CSNMAXLEN)
 		return EINVAL;
-	if (strlen(din.ia_converter) >= ICONV_CNVNMAXLEN)
+	if (strnlen(din.ia_converter, sizeof(din.ia_converter)) >= ICONV_CNVNMAXLEN)
 		return EINVAL;
 	if (iconv_lookupconv(din.ia_converter, &dcp) != 0)
 		return EINVAL;