Date: Fri, 14 Apr 2017 00:36:45 +0000 (UTC) From: Conrad Meyer <cem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r316802 - head/usr.sbin/bsdinstall/partedit Message-ID: <201704140036.v3E0aja0024020@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cem Date: Fri Apr 14 00:36:45 2017 New Revision: 316802 URL: https://svnweb.freebsd.org/changeset/base/316802 Log: bsdinstall(8): Sprinkle a snprintf to fixed size buffer Use a snprintf to write an environment variable to a fixed-size buffer to avoid stack overflow. Reported by: Coverity (CWE-120) CID: 1238926 Sponsored by: Dell EMC Isilon Modified: head/usr.sbin/bsdinstall/partedit/gpart_ops.c Modified: head/usr.sbin/bsdinstall/partedit/gpart_ops.c ============================================================================== --- head/usr.sbin/bsdinstall/partedit/gpart_ops.c Fri Apr 14 00:22:28 2017 (r316801) +++ head/usr.sbin/bsdinstall/partedit/gpart_ops.c Fri Apr 14 00:36:45 2017 (r316802) @@ -146,7 +146,7 @@ newfs_command(const char *fstype, char * strcpy(command, "zpool create -f -m none "); if (getenv("BSDINSTALL_TMPBOOT") != NULL) { char zfsboot_path[MAXPATHLEN]; - sprintf(zfsboot_path, "%s/zfs", + snprintf(zfsboot_path, sizeof(zfsboot_path), "%s/zfs", getenv("BSDINSTALL_TMPBOOT")); mkdir(zfsboot_path, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201704140036.v3E0aja0024020>