Date: Wed, 5 Dec 2012 21:40:31 +0100 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Eitan Adler <eadler@FreeBSD.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r243895 - head/usr.sbin/pw Message-ID: <20121205204030.GB1423@garage.freebsd.pl> In-Reply-To: <201212051356.qB5Duks1068301@svn.freebsd.org> References: <201212051356.qB5Duks1068301@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--96YOpH+ONegL0A3E Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 05, 2012 at 01:56:46PM +0000, Eitan Adler wrote: > Author: eadler > Date: Wed Dec 5 13:56:46 2012 > New Revision: 243895 > URL: http://svnweb.freebsd.org/changeset/base/243895 >=20 > Log: > Avoid overflow of file buffer Buffer won't overflow, but the path will be truncated, which is neither detected nor handled. > Submitted by: db > Approved by: cperciva > MFC after: 2 weeks >=20 > Modified: > head/usr.sbin/pw/pw_user.c >=20 > Modified: head/usr.sbin/pw/pw_user.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/usr.sbin/pw/pw_user.c Wed Dec 5 13:56:43 2012 (r243894) > +++ head/usr.sbin/pw/pw_user.c Wed Dec 5 13:56:46 2012 (r243895) > @@ -394,7 +394,7 @@ pw_user(struct userconf * cnf, int mode, > /* > * Remove crontabs > */ > - sprintf(file, "/var/cron/tabs/%s", pwd->pw_name); > + snprintf(file, sizeof(file), "/var/cron/tabs/%s", pwd->pw_name); > if (access(file, F_OK) =3D=3D 0) { > sprintf(file, "crontab -u %s -r", pwd->pw_name); > system(file); --=20 Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://tupytaj.pl --96YOpH+ONegL0A3E Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlC/sT4ACgkQForvXbEpPzS2kACghWrgxGtoRPGeaQBFZSyKzfl4 LS8AoM2X1e62BHS644YHGXPnUGizXkJM =fxl4 -----END PGP SIGNATURE----- --96YOpH+ONegL0A3E--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121205204030.GB1423>