bin/140228: [patch] mktemp(1) buffer overrun

Jilles Tjoelker jilles at
Fri Nov 6 18:10:03 UTC 2009

The following reply was made to PR bin/140228; it has been noted by GNATS.

From: Jilles Tjoelker <jilles at>
To: bug-followup at, jeremyhu at
Subject: Re: bin/140228: [patch] mktemp(1) buffer overrun
Date: Fri, 6 Nov 2009 19:05:48 +0100

 It seems more reasonable to have _gettemp() check the length of its
 input string, and fail with ENAMETOOLONG if it is longer than
 MAXPATHLEN. Your patch relies on the kernel to reject names longer than
 MAXPATHLEN with ENAMETOOLONG to avoid it reading past the end of
 carrybuf (in obscure cases).
 Jilles Tjoelker

More information about the freebsd-bugs mailing list