kconfig: use snprintf for formatting pathnames

Valid pathnames will never exceed PATH_MAX, but these file names
are unsanitized and can cause buffer overflow if set incorrectly.
Use snprintf to avoid this. This was flagged during a Coverity scan
of the coreboot project, which also uses kconfig for its build system.

Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>

diff --git a/config/confdata.c b/config/confdata.c
index f6461a6af4bc9a573305b7d1b6e8af5b0997980d..e8ede23f0021bee3bbbd69953460f12d3bd72aa0 100644 (file)
--- a/config/confdata.c
+++ b/config/confdata.c
@@ -241,7 +241,7 @@ char *conf_get_default_confname(void)
        name = expand_string(conf_defname);
        env = getenv(SRCTREE);
        if (env) {
-               sprintf(fullname, "%s/%s", env, name);
+               snprintf(fullname, sizeof(fullname), "%s/%s", env, name);
                if (is_present(fullname))
                        return fullname;
        }

diff --git a/config/lexer.l b/config/lexer.l
index 80665ae17289a0c701537112061e31b44a648d16..8aa019777f3d4291ef09efc001d4e18266aea905 100644 (file)
--- a/config/lexer.l
+++ b/config/lexer.l
@@ -378,7 +378,8 @@ FILE *zconf_fopen(const char *name)
        if (!f && name != NULL && name[0] != '/') {
                env = getenv(SRCTREE);
                if (env) {
-                       sprintf(fullname, "%s/%s", env, name);
+                       snprintf(fullname, sizeof(fullname),
+                                "%s/%s", env, name);
                        f = fopen(fullname, "r");
                }
        }