kernel/elf: Replace sprintf with snprintf

In two places in elf.cpp, sprintf is used which does not check for buffer overflows. This could potentially lead to malicious executables trying to reach memory they are not supposed to. Instead, it's possible to use snprintf with a sizeof() call. I'm not very well-versed into C/C++, so this is just based on what I've learned. Please do provide feedback, I would like to get into more useful contributions :) Change-Id: I9c36a9938f9c99b3849e77aa9cd2eab313f5bb95 Reviewed-on: https://review.haiku-os.org/c/haiku/+/1975 Reviewed-by: Adrien Destugues <pulkomandy@gmail.com>
2019-11-25 23:22:53 +04:00 · 2019-11-25 23:22:53 +04:00 · e41c35ae56
parent 1f8acf0862
commit e41c35ae56
1 changed files with 3 additions and 3 deletions
--- a/src/system/kernel/elf.cpp
+++ b/src/system/kernel/elf.cpp
@ -1913,8 +1913,8 @@ elf_load_user_image(const char *path, Team *team, uint32 flags, addr_t *entry)
 			leaf++;

 		length = strlen(leaf);
-		if (length > B_OS_NAME_LENGTH - 8)
-			sprintf(baseName, "...%s", leaf + length + 8 - B_OS_NAME_LENGTH);
+		if (length > B_OS_NAME_LENGTH - 16)
+			snprintf(baseName, B_OS_NAME_LENGTH, "...%s", leaf + length + 16 - B_OS_NAME_LENGTH);
 		else
 			strcpy(baseName, leaf);
 	}
@ -1961,7 +1961,7 @@ elf_load_user_image(const char *path, Team *team, uint32 flags, addr_t *entry)
 			memUpperBound = ROUNDUP(memUpperBound, B_PAGE_SIZE);
 			fileUpperBound = ROUNDUP(fileUpperBound, B_PAGE_SIZE);

-			sprintf(regionName, "%s_seg%drw", baseName, i);
+			snprintf(regionName, B_OS_NAME_LENGTH, "%s_seg%drw", baseName, i);

 			id = vm_map_file(team->id, regionName, (void **)&regionAddress,
 				addressSpec, fileUpperBound,