From: Jacob Garber Date: Fri, 10 May 2019 19:28:52 +0000 (-0600) Subject: kconfig: use snprintf for formatting pathnames X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=1cad5edcbe7319807b678e2c263def285f6abcd2;p=carl9170fw.git kconfig: use snprintf for formatting pathnames Valid pathnames will never exceed PATH_MAX, but these file names are unsanitized and can cause buffer overflow if set incorrectly. Use snprintf to avoid this. This was flagged during a Coverity scan of the coreboot project, which also uses kconfig for its build system. Signed-off-by: Jacob Garber Signed-off-by: Masahiro Yamada Signed-off-by: Christian Lamparter --- diff --git a/config/confdata.c b/config/confdata.c index f6461a6..e8ede23 100644 --- a/config/confdata.c +++ b/config/confdata.c @@ -241,7 +241,7 @@ char *conf_get_default_confname(void) name = expand_string(conf_defname); env = getenv(SRCTREE); if (env) { - sprintf(fullname, "%s/%s", env, name); + snprintf(fullname, sizeof(fullname), "%s/%s", env, name); if (is_present(fullname)) return fullname; } diff --git a/config/lexer.l b/config/lexer.l index 80665ae..8aa0197 100644 --- a/config/lexer.l +++ b/config/lexer.l @@ -378,7 +378,8 @@ FILE *zconf_fopen(const char *name) if (!f && name != NULL && name[0] != '/') { env = getenv(SRCTREE); if (env) { - sprintf(fullname, "%s/%s", env, name); + snprintf(fullname, sizeof(fullname), + "%s/%s", env, name); f = fopen(fullname, "r"); } }