>Synopsis: disklabel missing return value checks on asprintf
>Category: system
>Environment:
System : OpenBSD 5.5
Details : OpenBSD 5.5-stable (GENERIC.MP) #0: Sun May 11 00:29:07 PDT 2014
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Architecture: OpenBSD.amd64
Machine : amd64
>Description:
The disklabel.c file calls asprintf in a few places without checking
the return value.
>How-To-Repeat:
N/A
>Fix:
Patch against 5.5-stable.
Index: disklabel.c
===================================================================
RCS file: /cvs/src/sbin/disklabel/disklabel.c,v
retrieving revision 1.192
diff -u -p -r1.192 disklabel.c
--- disklabel.c 14 Feb 2014 15:03:43 -0000 1.192
+++ disklabel.c 19 May 2014 03:21:40 -0000
@@ -457,11 +457,13 @@ readlabel(int f)
err(4, "ioctl DIOCGDINFO");
}
- asprintf(&partname, "/dev/%s%c", dkname, 'a');
- asprintf(&partduid,
+ if (asprintf(&partname, "/dev/%s%c", dkname, 'a') == -1)
+ err(4, "asprintf");
+ if (asprintf(&partduid,
"%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx.a",
lab.d_uid[0], lab.d_uid[1], lab.d_uid[2], lab.d_uid[3],
- lab.d_uid[4], lab.d_uid[5], lab.d_uid[6], lab.d_uid[7]);
+ lab.d_uid[4], lab.d_uid[5], lab.d_uid[6], lab.d_uid[7]) == -1)
+ err(4, "asprintf");
setfsent();
for (i = 0; i < MAXPARTITIONS; i++) {
partname[strlen(dkname) + 5] = 'a' + i;
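Review bot: both new checks in readlabel() report the same string, err(4, "asprintf"), so the message does not say whether partname or partduid failed to allocate; distinct strings such as "asprintf partname" and "asprintf partduid" would make that clear. The check itself is warranted, since the trailing context line writes through partname (partname[strlen(dkname) + 5] = 'a' + i;) and that pointer is not usable after a failed asprintf. Exit status 4 is consistent with the err(4, "ioctl DIOCGDINFO") call just above.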