Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/lib/libc/db Correct check for snprintf() overflow via Maksym...

details:   https://anonhg.NetBSD.org/src/rev/551a5635f8f4
branches:  trunk
changeset: 764361:551a5635f8f4
user:      christos <christos%NetBSD.org@localhost>
date:      Sun Apr 17 23:12:38 2011 +0000

description:
Correct check for snprintf() overflow via Maksymilian Arciemowicz from FreeBSD.
(the bt one was ok, but set errno and make it the same for consistency).
[to be pulled up]

diffstat:

 lib/libc/db/btree/bt_open.c  |  10 ++++++----
 lib/libc/db/hash/hash_page.c |  12 ++++++++----
 2 files changed, 14 insertions(+), 8 deletions(-)

diffs (79 lines):

diff -r 0546c917ee6e -r 551a5635f8f4 lib/libc/db/btree/bt_open.c
--- a/lib/libc/db/btree/bt_open.c       Sun Apr 17 22:35:22 2011 +0000
+++ b/lib/libc/db/btree/bt_open.c       Sun Apr 17 23:12:38 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bt_open.c,v 1.24 2008/09/11 12:58:00 joerg Exp $       */
+/*     $NetBSD: bt_open.c,v 1.25 2011/04/17 23:12:38 christos Exp $    */
 
 /*-
  * Copyright (c) 1990, 1993, 1994
@@ -37,7 +37,7 @@
 #endif
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: bt_open.c,v 1.24 2008/09/11 12:58:00 joerg Exp $");
+__RCSID("$NetBSD: bt_open.c,v 1.25 2011/04/17 23:12:38 christos Exp $");
 
 /*
  * Implementation of btree access method for 4.4BSD.
@@ -391,7 +391,7 @@
 tmp(void)
 {
        sigset_t set, oset;
-       size_t len;
+       int len;
        int fd;
        char *envtmp;
        char path[PATH_MAX];
@@ -403,8 +403,10 @@
 
        len = snprintf(path,
            sizeof(path), "%s/bt.XXXXXX", envtmp ? envtmp : _PATH_TMP);
-       if (len >= sizeof(path))
+       if (len < 0 || (size_t)len >= sizeof(path)) {
+               errno = ENAMETOOLONG;
                return -1;
+       }
        
        (void)sigfillset(&set);
        (void)sigprocmask(SIG_BLOCK, &set, &oset);
diff -r 0546c917ee6e -r 551a5635f8f4 lib/libc/db/hash/hash_page.c
--- a/lib/libc/db/hash/hash_page.c      Sun Apr 17 22:35:22 2011 +0000
+++ b/lib/libc/db/hash/hash_page.c      Sun Apr 17 23:12:38 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: hash_page.c,v 1.23 2008/09/11 12:58:00 joerg Exp $     */
+/*     $NetBSD: hash_page.c,v 1.24 2011/04/17 23:12:38 christos Exp $  */
 
 /*-
  * Copyright (c) 1990, 1993, 1994
@@ -37,7 +37,7 @@
 #endif
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: hash_page.c,v 1.23 2008/09/11 12:58:00 joerg Exp $");
+__RCSID("$NetBSD: hash_page.c,v 1.24 2011/04/17 23:12:38 christos Exp $");
 
 /*
  * PACKAGE:  hashing
@@ -869,15 +869,19 @@
        sigset_t set, oset;
        char *envtmp;
        char namestr[PATH_MAX];
+       int len;
 
        if (issetugid())
                envtmp = NULL;
        else
                envtmp = getenv("TMPDIR");
 
-       if (-1 == snprintf(namestr, sizeof(namestr), "%s/_hashXXXXXX",
-           envtmp ? envtmp : _PATH_TMP))
+       len = snprintf(namestr, sizeof(namestr), "%s/_hashXXXXXX",
+           envtmp ? envtmp : _PATH_TMP);
+       if (len < 0 || (size_t)len >= sizeof(namestr)) {
+               errno = ENAMETOOLONG;
                return -1;
+       }
 
        /* Block signals; make sure file goes away at process exit. */
        (void)sigfillset(&set);
Home | Main Index | Thread Index | Old Index