svn commit: r300706 - head/usr.sbin/tzsetup
Don Lewis
truckman at FreeBSD.org
Thu May 26 01:45:05 UTC 2016
Author: truckman
Date: Thu May 26 01:45:04 2016
New Revision: 300706
URL: https://svnweb.freebsd.org/changeset/base/300706
Log:
Avoid buffer overflow or truncation when constructing path_zoneinfo_file.
Reported by: Coverity
CID: 1011160
MFC after: 1 week
Modified:
head/usr.sbin/tzsetup/tzsetup.c
Modified: head/usr.sbin/tzsetup/tzsetup.c
==============================================================================
--- head/usr.sbin/tzsetup/tzsetup.c Thu May 26 01:33:24 2016 (r300705)
+++ head/usr.sbin/tzsetup/tzsetup.c Thu May 26 01:45:04 2016 (r300706)
@@ -838,7 +838,9 @@ install_zoneinfo(const char *zoneinfo)
FILE *f;
char path_zoneinfo_file[MAXPATHLEN];
- sprintf(path_zoneinfo_file, "%s/%s", path_zoneinfo, zoneinfo);
+ if ((size_t)snprintf(path_zoneinfo_file, sizeof(path_zoneinfo_file),
+ "%s/%s", path_zoneinfo, zoneinfo) >= sizeof(path_zoneinfo_file))
+ errx(1, "%s/%s name too long", path_zoneinfo, zoneinfo);
rv = install_zoneinfo_file(path_zoneinfo_file);
/* Save knowledge for later */
More information about the svn-src-head
mailing list