Date: Thu, 9 Aug 2018 02:47:22 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r337522 - head/usr.sbin/tzsetup Message-ID: <201808090247.w792lMrj093601@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Thu Aug 9 02:47:22 2018 New Revision: 337522 URL: https://svnweb.freebsd.org/changeset/base/337522 Log: In read_zones(), check if the file name actually fit in the buffer and make sure it would terminate with nul with strlcpy(). Reviewed by: imp (earlier revision) MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D16595 Modified: head/usr.sbin/tzsetup/tzsetup.c Modified: head/usr.sbin/tzsetup/tzsetup.c ============================================================================== --- head/usr.sbin/tzsetup/tzsetup.c Thu Aug 9 02:27:18 2018 (r337521) +++ head/usr.sbin/tzsetup/tzsetup.c Thu Aug 9 02:47:22 2018 (r337522) @@ -481,7 +481,7 @@ read_zones(void) char contbuf[16]; FILE *fp; struct continent *cont; - size_t len; + size_t len, contlen; char *line, *tlc, *file, *descr, *p; int lineno; @@ -504,12 +504,16 @@ read_zones(void) path_zonetab, lineno, tlc); /* coord = */ strsep(&line, "\t"); /* Unused */ file = strsep(&line, "\t"); + /* get continent portion from continent/country */ p = strchr(file, '/'); if (p == NULL) errx(1, "%s:%d: invalid zone name `%s'", path_zonetab, lineno, file); - contbuf[0] = '\0'; - strncat(contbuf, file, p - file); + contlen = p - file + 1; /* trailing nul */ + if (contlen > sizeof(contbuf)) + errx(1, "%s:%d: continent name in zone name `%s' too long", + path_zonetab, lineno, file); + strlcpy(contbuf, file, contlen); cont = find_continent(contbuf); if (!cont) errx(1, "%s:%d: invalid region `%s'", path_zonetab,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201808090247.w792lMrj093601>