1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-14 10:09:48 +00:00

ctm: Fix some trivial argv buffer overruns

It may not do the right thing with these obviously wrong inputs, but at
least it won't smash the stack.

Reported by:	Coverity (CWE-120)
CIDs:		1006697, 1006698
Sponsored by:	Dell EMC Isilon
This commit is contained in:
Conrad Meyer 2017-04-13 22:59:17 +00:00
parent 848d5e929b
commit 9c363a12fb
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=316795
2 changed files with 4 additions and 3 deletions

View File

@ -115,7 +115,8 @@ main(int argc, char **argv)
if (ftsent->fts_info != FTS_F || ftsent->fts_name[0] == '.')
continue;
sprintf(filename, "%s/%s", queue_dir, ftsent->fts_name);
snprintf(filename, sizeof(filename), "%s/%s", queue_dir,
ftsent->fts_name);
fd = open(filename, O_RDONLY);
if (fd < 0)
{

View File

@ -190,13 +190,13 @@ chop_and_send(FILE *dfp, char *delta, long msg_size, int npieces,
* Construct the tmp queue file name of a delta piece.
*/
#define mk_tmp_name(fn,qd,p) \
sprintf((fn), "%s/.%08ld.%03d", (qd), (long)getpid(), (p))
snprintf((fn), sizeof(fn), "%s/.%08ld.%03d", (qd), (long)getpid(), (p))
/*
* Construct the final queue file name of a delta piece.
*/
#define mk_queue_name(fn,qd,d,p,n) \
sprintf((fn), "%s/%s+%03d-%03d", (qd), (d), (p), (n))
snprintf((fn), sizeof(fn), "%s/%s+%03d-%03d", (qd), (d), (p), (n))
/*
* Carve our CTM delta into pieces, encode them, and queue them.