Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 28 Mar 2009 05:57:27 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r190485 - in head/lib/libc/db: btree hash
Message-ID:  <200903280557.n2S5vR2c086112@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: delphij
Date: Sat Mar 28 05:57:27 2009
New Revision: 190485
URL: http://svn.freebsd.org/changeset/base/190485

Log:
  db/btree/bt_open.c: check return value of snprintf() and return value
  if the result is truncated.
  
  db/hash/hash_page.c: use the same way to create temporary file as
  bt_open.c; check snprintf() return value.
  
  Obtained from:	OpenBSD

Modified:
  head/lib/libc/db/btree/bt_open.c
  head/lib/libc/db/hash/hash_page.c

Modified: head/lib/libc/db/btree/bt_open.c
==============================================================================
--- head/lib/libc/db/btree/bt_open.c	Sat Mar 28 05:45:29 2009	(r190484)
+++ head/lib/libc/db/btree/bt_open.c	Sat Mar 28 05:57:27 2009	(r190485)
@@ -383,14 +383,18 @@ static int
 tmp(void)
 {
 	sigset_t set, oset;
-	int fd;
+	int fd, len;
 	char *envtmp = NULL;
 	char path[MAXPATHLEN];
 
 	if (issetugid() == 0)
 		envtmp = getenv("TMPDIR");
-	(void)snprintf(path,
+	len = snprintf(path,
 	    sizeof(path), "%s/bt.XXXXXXXXXX", envtmp ? envtmp : "/tmp");
+	if (len < 0 || len >= (int)sizeof(path)) {
+		errno = ENAMETOOLONG;
+		return(-1);
+	}
 
 	(void)sigfillset(&set);
 	(void)_sigprocmask(SIG_BLOCK, &set, &oset);

Modified: head/lib/libc/db/hash/hash_page.c
==============================================================================
--- head/lib/libc/db/hash/hash_page.c	Sat Mar 28 05:45:29 2009	(r190484)
+++ head/lib/libc/db/hash/hash_page.c	Sat Mar 28 05:57:27 2009	(r190485)
@@ -53,7 +53,7 @@ __FBSDID("$FreeBSD$");
  */
 
 #include "namespace.h"
-#include <sys/types.h>
+#include <sys/param.h>
 
 #include <errno.h>
 #include <fcntl.h>
@@ -833,13 +833,24 @@ static int
 open_temp(HTAB *hashp)
 {
 	sigset_t set, oset;
-	static char namestr[] = "_hashXXXXXX";
+	int len;
+	char *envtmp = NULL;
+	char path[MAXPATHLEN];
+
+	if (issetugid() == 0)
+		envtmp = getenv("TMPDIR");
+	len = snprintf(path,
+	    sizeof(path), "%s/_hash.XXXXXX", envtmp ? envtmp : "/tmp");
+	if (len < 0 || len >= sizeof(path)) {
+		errno = ENAMETOOLONG;
+		return (-1);
+	}
 
 	/* Block signals; make sure file goes away at process exit. */
 	(void)sigfillset(&set);
 	(void)_sigprocmask(SIG_BLOCK, &set, &oset);
-	if ((hashp->fp = mkstemp(namestr)) != -1) {
-		(void)unlink(namestr);
+	if ((hashp->fp = mkstemp(path)) != -1) {
+		(void)unlink(path);
 		(void)_fcntl(hashp->fp, F_SETFD, 1);
 	}
 	(void)_sigprocmask(SIG_SETMASK, &oset, (sigset_t *)NULL);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200903280557.n2S5vR2c086112>