Date: Wed, 1 Jun 2016 22:39:15 +0000 (UTC) From: Don Lewis <truckman@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r301178 - stable/10/games/fortune/unstr Message-ID: <201606012239.u51MdF9A067950@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: truckman Date: Wed Jun 1 22:39:15 2016 New Revision: 301178 URL: https://svnweb.freebsd.org/changeset/base/301178 Log: MFC r300705 (compensating for fortune moving from games to usr.bin) Avoid buffer overflow when copying the input file name and appending .dat. Check the return value from fread() to be sure that it was successful. Reported by: Coverity CID: 1006709, 1009452 Modified: stable/10/games/fortune/unstr/unstr.c Directory Properties: stable/10/ (props changed) Modified: stable/10/games/fortune/unstr/unstr.c ============================================================================== --- stable/10/games/fortune/unstr/unstr.c Wed Jun 1 22:34:21 2016 (r301177) +++ stable/10/games/fortune/unstr/unstr.c Wed Jun 1 22:39:15 2016 (r301178) @@ -86,13 +86,19 @@ main(int argc, char *argv[]) exit(1); } Infile = argv[1]; - strcpy(Datafile, Infile); - strcat(Datafile, ".dat"); + if ((size_t)snprintf(Datafile, sizeof(Datafile), "%s.dat", Infile) >= + sizeof(Datafile)) + errx(1, "%s name too long", Infile); if ((Inf = fopen(Infile, "r")) == NULL) err(1, "%s", Infile); if ((Dataf = fopen(Datafile, "r")) == NULL) err(1, "%s", Datafile); - fread((char *)&tbl, sizeof(tbl), 1, Dataf); + if (fread((char *)&tbl, sizeof(tbl), 1, Dataf) != 1) { + if (feof(Dataf)) + errx(1, "%s read EOF", Datafile); + else + err(1, "%s read", Datafile); + } tbl.str_version = be32toh(tbl.str_version); tbl.str_numstr = be32toh(tbl.str_numstr); tbl.str_longlen = be32toh(tbl.str_longlen);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606012239.u51MdF9A067950>