svn commit: r301178 - stable/10/games/fortune/unstr
Don Lewis
truckman at FreeBSD.org
Wed Jun 1 22:39:16 UTC 2016
Author: truckman
Date: Wed Jun 1 22:39:15 2016
New Revision: 301178
URL: https://svnweb.freebsd.org/changeset/base/301178
Log:
MFC r300705 (compensating for fortune moving from games to usr.bin)
Avoid buffer overflow when copying the input file name and appending .dat.
Check the return value from fread() to be sure that it was successful.
Reported by: Coverity
CID: 1006709, 1009452
Modified:
stable/10/games/fortune/unstr/unstr.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/games/fortune/unstr/unstr.c
==============================================================================
--- stable/10/games/fortune/unstr/unstr.c Wed Jun 1 22:34:21 2016 (r301177)
+++ stable/10/games/fortune/unstr/unstr.c Wed Jun 1 22:39:15 2016 (r301178)
@@ -86,13 +86,19 @@ main(int argc, char *argv[])
exit(1);
}
Infile = argv[1];
- strcpy(Datafile, Infile);
- strcat(Datafile, ".dat");
+ if ((size_t)snprintf(Datafile, sizeof(Datafile), "%s.dat", Infile) >=
+ sizeof(Datafile))
+ errx(1, "%s name too long", Infile);
if ((Inf = fopen(Infile, "r")) == NULL)
err(1, "%s", Infile);
if ((Dataf = fopen(Datafile, "r")) == NULL)
err(1, "%s", Datafile);
- fread((char *)&tbl, sizeof(tbl), 1, Dataf);
+ if (fread((char *)&tbl, sizeof(tbl), 1, Dataf) != 1) {
+ if (feof(Dataf))
+ errx(1, "%s read EOF", Datafile);
+ else
+ err(1, "%s read", Datafile);
+ }
tbl.str_version = be32toh(tbl.str_version);
tbl.str_numstr = be32toh(tbl.str_numstr);
tbl.str_longlen = be32toh(tbl.str_longlen);
More information about the svn-src-stable-10
mailing list