bin/140228: [patch] mktemp(1) buffer overrun
jilles at stack.nl
Fri Nov 6 18:10:03 UTC 2009
The following reply was made to PR bin/140228; it has been noted by GNATS.
From: Jilles Tjoelker <jilles at stack.nl>
To: bug-followup at FreeBSD.org, jeremyhu at apple.com
Subject: Re: bin/140228: [patch] mktemp(1) buffer overrun
Date: Fri, 6 Nov 2009 19:05:48 +0100
It seems more reasonable to have _gettemp() check the length of its
input string, and fail with ENAMETOOLONG if it is longer than
MAXPATHLEN. Your patch relies on the kernel to reject names longer than
MAXPATHLEN with ENAMETOOLONG to avoid it reading past the end of
carrybuf (in obscure cases).
More information about the freebsd-bugs