Date:      Wed, 15 Jun 2016 06:33:40 +0000 (UTC)
From:      Don Lewis <truckman@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r301919 - stable/10/bin/setfacl
Message-ID:  <201606150633.u5F6Xe3j025251@repo.freebsd.org>

Author: truckman
Date: Wed Jun 15 06:33:40 2016
New Revision: 301919
URL: https://svnweb.freebsd.org/changeset/base/301919

Log:
  MFC     r301582
  
  Explicitly NUL terminate the buffer filled by fread().
  
  The fix in r300649 was not sufficient to convince Coverity that the
  buffer was NUL terminated, even with the buffer pre-zeroed.  Swap
  the size and nmemb arguments to fread() so that a valid length is
  returned, which we can use to terminate the string in the buffer
  at the correct location.  This should also quiet the complaint about
  the return value of fread() not being checked.
  
  Reported by:	Coverity
  CID:		1019054, 1009614
  Security:
  Sponsored by:

Modified:
  stable/10/bin/setfacl/file.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/bin/setfacl/file.c
==============================================================================
--- stable/10/bin/setfacl/file.c	Wed Jun 15 06:32:00 2016	(r301918)
+++ stable/10/bin/setfacl/file.c	Wed Jun 15 06:33:40 2016	(r301919)
@@ -43,13 +43,12 @@ acl_t
 get_acl_from_file(const char *filename)
 {
 	FILE *file;
+	size_t len;
 	char buf[BUFSIZ+1];
 
 	if (filename == NULL)
 		err(1, "(null) filename in get_acl_from_file()");
 
-	bzero(&buf, sizeof(buf));
-
 	if (strcmp(filename, "-") == 0) {
 		if (have_stdin != 0)
 			err(1, "cannot specify more than one stdin");
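
Review bot: with the bzero() removed ahead of the strcmp() check, buf stays uninitialised until the read, so termination now rests entirely on the later `buf[len] = '\0';` and any bytes past that terminator are stale stack data. That is fine as long as buf is only ever consumed as a C string, but a short comment at `char buf[BUFSIZ+1];` saying the extra byte is reserved for the terminator would help keep a later edit from reintroducing a sizeof(buf)-based use of the buffer.
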
@@ -61,7 +60,8 @@ get_acl_from_file(const char *filename)
 			err(1, "fopen() %s failed", filename);
 	}
 
-	fread(buf, sizeof(buf) - 1, (size_t)1, file);
+	len = fread(buf, (size_t)1, sizeof(buf) - 1, file);
+	buf[len] = '\0';
 	if (ferror(file) != 0) {
 		fclose(file);
 		err(1, "error reading from %s", filename);
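
Review bot: the read at `len = fread(buf, (size_t)1, sizeof(buf) - 1, file);` stops at BUFSIZ bytes and nothing checks whether input remained, so a longer ACL file is silently truncated and the rest of the function sees only the partial text. Consider failing with an error when `len == sizeof(buf) - 1` and the stream is not yet at end of file. The index itself is safe, since len cannot exceed sizeof(buf) - 1, and writing buf[len] before the ferror() check is harmless here because the error path exits through err().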


