DF-0477
ip_fw3_ctl_get_modules: bcopy without checking strlen(module_str) <= sopt_valsize: buffer overflow
Summary
ip_fw3_ctl_get_modules(:985-987): bcopy(module_str, sopt_val, strlen(module_str)) without checking strlen<=sopt_valsize. Prior bzero respects sopt_valsize but bcopy does not. If module name list exceeds user buffer -> overflows sopt_val. sopt_valsize then set to strlen(module_str) masking overflow. Compounded by DF-0476 strncpy non-termination feeding unbounded strcat. Kernel/user buffer overflow. Fix: check strlen<=sopt_valsize before bcopy.