bin/140228: [patch] mktemp(1) buffer overrun

Jilles Tjoelker jilles at stack.nl
Fri Nov 6 18:10:03 UTC 2009


The following reply was made to PR bin/140228; it has been noted by GNATS.

From: Jilles Tjoelker <jilles at stack.nl>
To: bug-followup at FreeBSD.org, jeremyhu at apple.com
Cc:  
Subject: Re: bin/140228: [patch] mktemp(1) buffer overrun
Date: Fri, 6 Nov 2009 19:05:48 +0100

 It seems more reasonable to have _gettemp() check the length of its
 input string, and fail with ENAMETOOLONG if it is longer than
 MAXPATHLEN. Your patch relies on the kernel to reject names longer than
 MAXPATHLEN with ENAMETOOLONG to avoid it reading past the end of
 carrybuf (in obscure cases).
 
 -- 
 Jilles Tjoelker
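
Added example, not part of the original message and not FreeBSD's code: a sketch of the check the reply proposes, in which the library helper itself rejects an over-long template with ENAMETOOLONG before touching its fixed-size buffer, instead of depending on a later syscall to fail. The name template_prepare() and the role given to carrybuf (a MAXPATHLEN-byte scratch copy of the trailing X's) are assumptions; a template with no NUL in its first MAXPATHLEN bytes is treated as too long.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/param.h>	/* MAXPATHLEN */

/*
 * template_prepare() is a hypothetical stand-in for a _gettemp()-style
 * helper, not FreeBSD's code. It validates the caller's template and saves
 * its trailing run of 'X' characters into a MAXPATHLEN-byte scratch buffer
 * (the role assumed here for carrybuf).
 * Returns the number of trailing X's, or -1 with errno set.
 */
int
template_prepare(const char *path, char carrybuf[MAXPATHLEN])
{
	const char *end, *start;
	size_t nx;

	if (path == NULL || carrybuf == NULL) {
		errno = EINVAL;
		return (-1);
	}

	/*
	 * Bounded scan for the terminator: at most MAXPATHLEN bytes of the
	 * input are examined. No NUL in that window means the name cannot
	 * fit, so fail here rather than waiting for a syscall to reject it.
	 */
	end = memchr(path, '\0', MAXPATHLEN);
	if (end == NULL) {
		errno = ENAMETOOLONG;
		return (-1);
	}

	/* Walk back over the trailing X's that would be replaced. */
	for (start = end; start > path && start[-1] == 'X'; start--)
		;
	nx = (size_t)(end - start);
	if (nx == 0) {
		errno = EINVAL;
		return (-1);
	}

	/* nx <= MAXPATHLEN - 1 is guaranteed by the check above. */
	memcpy(carrybuf, start, nx);
	carrybuf[nx] = '\0';
	return ((int)nx);
}
```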

