Date: Mon, 3 Sep 2018 06:55:38 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r338440 - stable/11/usr.sbin/tzsetup Message-ID: <201809030655.w836tcQH035684@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Mon Sep 3 06:55:38 2018 New Revision: 338440 URL: https://svnweb.freebsd.org/changeset/base/338440 Log: MFC r337522: In read_zones(), check if the file name actually fit in the buffer and make sure it would terminate with nul with strlcpy(). Reviewed by: imp (earlier revision) Differential Revision: https://reviews.freebsd.org/D16595 Modified: stable/11/usr.sbin/tzsetup/tzsetup.c Directory Properties: stable/11/ (props changed) Modified: stable/11/usr.sbin/tzsetup/tzsetup.c ============================================================================== --- stable/11/usr.sbin/tzsetup/tzsetup.c Mon Sep 3 06:36:28 2018 (r338439) +++ stable/11/usr.sbin/tzsetup/tzsetup.c Mon Sep 3 06:55:38 2018 (r338440) @@ -481,7 +481,7 @@ read_zones(void) char contbuf[16]; FILE *fp; struct continent *cont; - size_t len; + size_t len, contlen; char *line, *tlc, *file, *descr, *p; int lineno; @@ -504,12 +504,16 @@ read_zones(void) path_zonetab, lineno, tlc); /* coord = */ strsep(&line, "\t"); /* Unused */ file = strsep(&line, "\t"); + /* get continent portion from continent/country */ p = strchr(file, '/'); if (p == NULL) errx(1, "%s:%d: invalid zone name `%s'", path_zonetab, lineno, file); - contbuf[0] = '\0'; - strncat(contbuf, file, p - file); + contlen = p - file + 1; /* trailing nul */ + if (contlen > sizeof(contbuf)) + errx(1, "%s:%d: continent name in zone name `%s' too long", + path_zonetab, lineno, file); + strlcpy(contbuf, file, contlen); cont = find_continent(contbuf); if (!cont) errx(1, "%s:%d: invalid region `%s'", path_zonetab,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201809030655.w836tcQH035684>