Module Name: src
Committed By: christos
Date: Sun Apr 17 23:12:38 UTC 2011
Modified Files:
src/lib/libc/db/btree: bt_open.c
src/lib/libc/db/hash: hash_page.c
Log Message:
Correct check for snprintf() overflow via Maksymilian Arciemowicz from FreeBSD.
(the bt one was ok, but set errno and make it the same for consistency).
[to be pulled up]
To generate a diff of this commit:
cvs rdiff -u -r1.24 -r1.25 src/lib/libc/db/btree/bt_open.c
cvs rdiff -u -r1.23 -r1.24 src/lib/libc/db/hash/hash_page.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libc/db/btree/bt_open.c
diff -u src/lib/libc/db/btree/bt_open.c:1.24 src/lib/libc/db/btree/bt_open.c:1.25
--- src/lib/libc/db/btree/bt_open.c:1.24 Thu Sep 11 08:58:00 2008
+++ src/lib/libc/db/btree/bt_open.c Sun Apr 17 19:12:38 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: bt_open.c,v 1.24 2008/09/11 12:58:00 joerg Exp $ */
+/* $NetBSD: bt_open.c,v 1.25 2011/04/17 23:12:38 christos Exp $ */
/*-
* Copyright (c) 1990, 1993, 1994
@@ -37,7 +37,7 @@
#endif
#include <sys/cdefs.h>
-__RCSID("$NetBSD: bt_open.c,v 1.24 2008/09/11 12:58:00 joerg Exp $");
+__RCSID("$NetBSD: bt_open.c,v 1.25 2011/04/17 23:12:38 christos Exp $");
/*
* Implementation of btree access method for 4.4BSD.
@@ -391,7 +391,7 @@
tmp(void)
{
sigset_t set, oset;
- size_t len;
+ int len;
int fd;
char *envtmp;
char path[PATH_MAX];
@@ -403,8 +403,10 @@
len = snprintf(path,
sizeof(path), "%s/bt.XXXXXX", envtmp ? envtmp : _PATH_TMP);
- if (len >= sizeof(path))
+ if (len < 0 || (size_t)len >= sizeof(path)) {
+ errno = ENAMETOOLONG;
return -1;
+ }
(void)sigfillset(&set);
(void)sigprocmask(SIG_BLOCK, &set, &oset);
Index: src/lib/libc/db/hash/hash_page.c
diff -u src/lib/libc/db/hash/hash_page.c:1.23 src/lib/libc/db/hash/hash_page.c:1.24
--- src/lib/libc/db/hash/hash_page.c:1.23 Thu Sep 11 08:58:00 2008
+++ src/lib/libc/db/hash/hash_page.c Sun Apr 17 19:12:38 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: hash_page.c,v 1.23 2008/09/11 12:58:00 joerg Exp $ */
+/* $NetBSD: hash_page.c,v 1.24 2011/04/17 23:12:38 christos Exp $ */
/*-
* Copyright (c) 1990, 1993, 1994
@@ -37,7 +37,7 @@
#endif
#include <sys/cdefs.h>
-__RCSID("$NetBSD: hash_page.c,v 1.23 2008/09/11 12:58:00 joerg Exp $");
+__RCSID("$NetBSD: hash_page.c,v 1.24 2011/04/17 23:12:38 christos Exp $");
/*
* PACKAGE: hashing
@@ -869,15 +869,19 @@
sigset_t set, oset;
char *envtmp;
char namestr[PATH_MAX];
+ int len;
if (issetugid())
envtmp = NULL;
else
envtmp = getenv("TMPDIR");
- if (-1 == snprintf(namestr, sizeof(namestr), "%s/_hashXXXXXX",
- envtmp ? envtmp : _PATH_TMP))
+ len = snprintf(namestr, sizeof(namestr), "%s/_hashXXXXXX",
+ envtmp ? envtmp : _PATH_TMP);
+ if (len < 0 || (size_t)len >= sizeof(namestr)) {
+ errno = ENAMETOOLONG;
return -1;
+ }
/* Block signals; make sure file goes away at process exit. */
(void)sigfillset(&set);
