Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Correct check for snprintf() overflow via Maksymilian Arciemowicz from FreeBSD. 

(the bt one was ok, but set errno and make it the same for consistency).
[to be pulled up]
This commit is contained in:
christos 2011-04-17 23:12:38 +00:00
parent 28e5fe5363
commit 4957358ed5
2 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/libc/db/btree/bt_open.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: bt_open.c,v 1.24 2008/09/11 12:58:00 joerg Exp $ */
/* $NetBSD: bt_open.c,v 1.25 2011/04/17 23:12:38 christos Exp $ */
/*-
* Copyright (c) 1990, 1993, 1994
@ -37,7 +37,7 @@
#endif
#include <sys/cdefs.h>
__RCSID("$NetBSD: bt_open.c,v 1.24 2008/09/11 12:58:00 joerg Exp $");
__RCSID("$NetBSD: bt_open.c,v 1.25 2011/04/17 23:12:38 christos Exp $");
/*
* Implementation of btree access method for 4.4BSD.
@ -391,7 +391,7 @@ static int
tmp(void)
{
sigset_t set, oset;
size_t len;
int len;
int fd;
char *envtmp;
char path[PATH_MAX];
@ -403,8 +403,10 @@ tmp(void)
len = snprintf(path,
sizeof(path), "%s/bt.XXXXXX", envtmp ? envtmp : _PATH_TMP);
if (len >= sizeof(path))
if (len < 0 || (size_t)len >= sizeof(path)) {
errno = ENAMETOOLONG;
return -1;
}
(void)sigfillset(&set);
(void)sigprocmask(SIG_BLOCK, &set, &oset);

12
lib/libc/db/hash/hash_page.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: hash_page.c,v 1.23 2008/09/11 12:58:00 joerg Exp $ */
/* $NetBSD: hash_page.c,v 1.24 2011/04/17 23:12:38 christos Exp $ */
/*-
* Copyright (c) 1990, 1993, 1994
@ -37,7 +37,7 @@
#endif
#include <sys/cdefs.h>
__RCSID("$NetBSD: hash_page.c,v 1.23 2008/09/11 12:58:00 joerg Exp $");
__RCSID("$NetBSD: hash_page.c,v 1.24 2011/04/17 23:12:38 christos Exp $");
/*
* PACKAGE: hashing
@ -869,15 +869,19 @@ open_temp(HTAB *hashp)
sigset_t set, oset;
char *envtmp;
char namestr[PATH_MAX];
int len;
if (issetugid())
envtmp = NULL;
else
envtmp = getenv("TMPDIR");
if (-1 == snprintf(namestr, sizeof(namestr), "%s/_hashXXXXXX",
envtmp ? envtmp : _PATH_TMP))
len = snprintf(namestr, sizeof(namestr), "%s/_hashXXXXXX",
envtmp ? envtmp : _PATH_TMP);
if (len < 0 || (size_t)len >= sizeof(namestr)) {
errno = ENAMETOOLONG;
return -1;
}
/* Block signals; make sure file goes away at process exit. */
(void)sigfillset(&set);