Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 21 Dec 2012 22:21:00 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r244568 - head/lib/libc/gen
Message-ID:  <201212212221.qBLML0vS049788@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: delphij
Date: Fri Dec 21 22:20:59 2012
New Revision: 244568
URL: http://svnweb.freebsd.org/changeset/base/244568

Log:
   - Reduce buffer size from LINE_MAX to PATH_MAX, there is no point to store
     path longer than this.
   - Fix an unreached case of check against sizeof buf, which in turn leads
     to an off-by-one nul byte write on the stack.  The original condition
     can never be satisfied because the passed boundary is the maximum value
     that can be returned, so code was harmless.
  
  MFC after:	1 month

Modified:
  head/lib/libc/gen/check_utility_compat.c

Modified: head/lib/libc/gen/check_utility_compat.c
==============================================================================
--- head/lib/libc/gen/check_utility_compat.c	Fri Dec 21 21:41:23 2012	(r244567)
+++ head/lib/libc/gen/check_utility_compat.c	Fri Dec 21 22:20:59 2012	(r244568)
@@ -35,32 +35,28 @@ __FBSDID("$FreeBSD$");
  * are threaded, so I'm not concerned about cancellation points or other
  * niceties.
  */
+#include <sys/limits.h>
+
 #include <limits.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 
-#ifndef LINE_MAX
-#define	LINE_MAX _POSIX2_LINE_MAX
-#endif
-
 #define	_PATH_UTIL_COMPAT	"/etc/compat-FreeBSD-4-util"
 #define	_ENV_UTIL_COMPAT	"_COMPAT_FreeBSD_4"
 
 int
 check_utility_compat(const char *utility)
 {
-	char buf[LINE_MAX];
+	char buf[PATH_MAX];
 	char *p, *bp;
 	int len;
 
 	if ((p = getenv(_ENV_UTIL_COMPAT)) != NULL) {
 		strlcpy(buf, p, sizeof buf);
 	} else {
-		if ((len = readlink(_PATH_UTIL_COMPAT, buf, sizeof buf)) < 0)
+		if ((len = readlink(_PATH_UTIL_COMPAT, buf, sizeof(buf) - 1)) < 0)
 			return 0;
-		if (len > sizeof buf)
-			len = sizeof buf;
 		buf[len] = '\0';
 	}
 	if (buf[0] == '\0')

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201212212221.qBLML0vS049788>