kernel/elf: Replace sprintf with snprintf
In two places in elf.cpp, sprintf is used which does not check for buffer overflows. This could potentially lead to malicious executables trying to reach memory they are not supposed to. Instead, it's possible to use snprintf with a sizeof() call. I'm not very well-versed into C/C++, so this is just based on what I've learned. Please do provide feedback, I would like to get into more useful contributions :) Change-Id: I9c36a9938f9c99b3849e77aa9cd2eab313f5bb95 Reviewed-on: https://review.haiku-os.org/c/haiku/+/1975 Reviewed-by: Adrien Destugues <pulkomandy@gmail.com>
This commit is contained in:
parent
1f8acf0862
commit
e41c35ae56
|
@ -1913,8 +1913,8 @@ elf_load_user_image(const char *path, Team *team, uint32 flags, addr_t *entry)
|
|||
leaf++;
|
||||
|
||||
length = strlen(leaf);
|
||||
if (length > B_OS_NAME_LENGTH - 8)
|
||||
sprintf(baseName, "...%s", leaf + length + 8 - B_OS_NAME_LENGTH);
|
||||
if (length > B_OS_NAME_LENGTH - 16)
|
||||
snprintf(baseName, B_OS_NAME_LENGTH, "...%s", leaf + length + 16 - B_OS_NAME_LENGTH);
|
||||
else
|
||||
strcpy(baseName, leaf);
|
||||
}
|
||||
|
@ -1961,7 +1961,7 @@ elf_load_user_image(const char *path, Team *team, uint32 flags, addr_t *entry)
|
|||
memUpperBound = ROUNDUP(memUpperBound, B_PAGE_SIZE);
|
||||
fileUpperBound = ROUNDUP(fileUpperBound, B_PAGE_SIZE);
|
||||
|
||||
sprintf(regionName, "%s_seg%drw", baseName, i);
|
||||
snprintf(regionName, B_OS_NAME_LENGTH, "%s_seg%drw", baseName, i);
|
||||
|
||||
id = vm_map_file(team->id, regionName, (void **)®ionAddress,
|
||||
addressSpec, fileUpperBound,
|
||||
|
|
Loading…
Reference in New Issue