Module Name: src Committed By: christos Date: Sun Apr 17 23:12:38 UTC 2011
Modified Files: src/lib/libc/db/btree: bt_open.c src/lib/libc/db/hash: hash_page.c Log Message: Correct check for snprintf() overflow via Maksymilian Arciemowicz from FreeBSD. (the bt one was ok, but set errno and make it the same for consistency). [to be pulled up] To generate a diff of this commit: cvs rdiff -u -r1.24 -r1.25 src/lib/libc/db/btree/bt_open.c cvs rdiff -u -r1.23 -r1.24 src/lib/libc/db/hash/hash_page.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/lib/libc/db/btree/bt_open.c diff -u src/lib/libc/db/btree/bt_open.c:1.24 src/lib/libc/db/btree/bt_open.c:1.25 --- src/lib/libc/db/btree/bt_open.c:1.24 Thu Sep 11 08:58:00 2008 +++ src/lib/libc/db/btree/bt_open.c Sun Apr 17 19:12:38 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: bt_open.c,v 1.24 2008/09/11 12:58:00 joerg Exp $ */ +/* $NetBSD: bt_open.c,v 1.25 2011/04/17 23:12:38 christos Exp $ */ /*- * Copyright (c) 1990, 1993, 1994 @@ -37,7 +37,7 @@ #endif #include <sys/cdefs.h> -__RCSID("$NetBSD: bt_open.c,v 1.24 2008/09/11 12:58:00 joerg Exp $"); +__RCSID("$NetBSD: bt_open.c,v 1.25 2011/04/17 23:12:38 christos Exp $"); /* * Implementation of btree access method for 4.4BSD. @@ -391,7 +391,7 @@ tmp(void) { sigset_t set, oset; - size_t len; + int len; int fd; char *envtmp; char path[PATH_MAX]; @@ -403,8 +403,10 @@ len = snprintf(path, sizeof(path), "%s/bt.XXXXXX", envtmp ? envtmp : _PATH_TMP); - if (len >= sizeof(path)) + if (len < 0 || (size_t)len >= sizeof(path)) { + errno = ENAMETOOLONG; return -1; + } (void)sigfillset(&set); (void)sigprocmask(SIG_BLOCK, &set, &oset); Index: src/lib/libc/db/hash/hash_page.c diff -u src/lib/libc/db/hash/hash_page.c:1.23 src/lib/libc/db/hash/hash_page.c:1.24 --- src/lib/libc/db/hash/hash_page.c:1.23 Thu Sep 11 08:58:00 2008 +++ src/lib/libc/db/hash/hash_page.c Sun Apr 17 19:12:38 2011 @@ -1,4 +1,4 @@ -/* $NetBSD: hash_page.c,v 1.23 2008/09/11 12:58:00 joerg Exp $ */ +/* $NetBSD: hash_page.c,v 1.24 2011/04/17 23:12:38 christos Exp $ */ /*- * Copyright (c) 1990, 1993, 1994 @@ -37,7 +37,7 @@ #endif #include <sys/cdefs.h> -__RCSID("$NetBSD: hash_page.c,v 1.23 2008/09/11 12:58:00 joerg Exp $"); +__RCSID("$NetBSD: hash_page.c,v 1.24 2011/04/17 23:12:38 christos Exp $"); /* * PACKAGE: hashing @@ -869,15 +869,19 @@ sigset_t set, oset; char *envtmp; char namestr[PATH_MAX]; + int len; if (issetugid()) envtmp = NULL; else envtmp = getenv("TMPDIR"); - if (-1 == snprintf(namestr, sizeof(namestr), "%s/_hashXXXXXX", - envtmp ? envtmp : _PATH_TMP)) + len = snprintf(namestr, sizeof(namestr), "%s/_hashXXXXXX", + envtmp ? envtmp : _PATH_TMP); + if (len < 0 || (size_t)len >= sizeof(namestr)) { + errno = ENAMETOOLONG; return -1; + } /* Block signals; make sure file goes away at process exit. */ (void)sigfillset(&set);