svn commit: r184779 - head/usr.sbin/cron/crontab

Dag-Erling Smørgrav des at des.no
Mon Nov 10 02:11:56 PST 2008


Kostik Belousov <kostikbel at gmail.com> writes:
> Matteo Riondato <matteo at freebsd.org> writes:
> > -	(void) sprintf(n, CRON_TAB(User));
> > +	(void) snprintf(n, sizeof(n), CRON_TAB(User));
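
Review bot: the (void) cast on the + line discards snprintf's return value, so a CRON_TAB(User) result that does not fit in sizeof(n) is silently truncated and the code carries on with a shortened path. Compare the return value against sizeof(n) and treat truncation as an error. Note also that sizeof(n) is only the buffer size while n is an array in this scope rather than a pointer.
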
> This note is probably also about paranoia instead of an exploitable bug.
> I think that it is better to use %s format explicitly instead of
> expecting no '%' in the CRON_TAB(User).

Better still would be to replace the vile CRON_TAB() macro with a
function:

static inline int
cron_tab(char *str, size_t len, const char *user)
{

        return (snprintf(str, len, "%s/%s", SPOOL_DIR, user));
}

DES
-- 
Dag-Erling Smørgrav - des at des.no
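
An added example, not part of the original message and not code from the FreeBSD tree: a function along the lines suggested above that also checks snprintf's return value, so that a '%' in the user name stays literal and a path that does not fit is rejected instead of truncated. The names ex_cron_tab and EX_SPOOL_DIR and the directory value are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed value for illustration; the real SPOOL_DIR comes from cron's headers. */
#define EX_SPOOL_DIR "/var/cron/tabs"

/*
 * Hypothetical helper: build "<spool>/<user>" into str.
 * Returns 0 on success, -1 if the arguments are unusable, snprintf
 * failed, or the result did not fit in len bytes.
 */
static int
ex_cron_tab(char *str, size_t len, const char *user)
{
	int n;

	if (str == NULL || len == 0 || user == NULL)
		return (-1);
	/* user is only ever data for %s, never part of the format string. */
	n = snprintf(str, len, "%s/%s", EX_SPOOL_DIR, user);
	if (n < 0 || (size_t)n >= len) {
		str[0] = '\0';	/* do not leave a truncated path behind */
		return (-1);
	}
	return (0);
}

int
main(void)
{
	/* Constructed sample names: plain, containing '%', and too long. */
	const char *users[] = {
		"operator",
		"%s%n%x",
		"a-constructed-user-name-far-too-long-for-the-buffer-below"
	};
	char path[32];
	size_t i;

	for (i = 0; i < sizeof(users) / sizeof(users[0]); i++) {
		if (ex_cron_tab(path, sizeof(path), users[i]) == 0)
			printf("ok:       %s\n", path);
		else
			printf("rejected: user name of %zu bytes\n", strlen(users[i]));
	}
	return (0);
}
```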