git: c5f019807059 - main - stand: fix buffer overflow in getrootmount()

From: Robert Wing <rew_at_FreeBSD.org>
Date: Sat, 25 Feb 2023 18:43:00 UTC
The branch main has been updated by rew:

URL: https://cgit.FreeBSD.org/src/commit/?id=c5f01980705930bf46059a004e20e010d8e21dfa

commit c5f01980705930bf46059a004e20e010d8e21dfa
Author:     Robert Wing <rew@FreeBSD.org>
AuthorDate: 2023-02-25 09:37:32 +0000
Commit:     Robert Wing <rew@FreeBSD.org>
CommitDate: 2023-02-25 09:37:32 +0000

    stand: fix buffer overflow in getrootmount()
    
    Reviewed by:    imp, allanjude
    Sponsored By:   Beckhoff Automation GmbH & Co. KG
    Sponsored By:   Klara, Inc.
    Differential Revision:  https://reviews.freebsd.org/D38734
---
 stand/common/boot.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/stand/common/boot.c b/stand/common/boot.c
index 06f604f595df..3ec827617d56 100644
--- a/stand/common/boot.c
+++ b/stand/common/boot.c
@@ -32,8 +32,9 @@ __FBSDID("$FreeBSD$");
  */
 
 #include <stand.h>
-#include <sys/reboot.h>
 #include <sys/boot.h>
+#include <sys/kenv.h>
+#include <sys/reboot.h>
 #include <string.h>
 
 #include "bootstrap.h"
@@ -321,14 +322,14 @@ getbootfile(int try)
 int
 getrootmount(char *rootdev)
 {
-	char	lbuf[128], *cp, *ep, *dev, *fstyp, *options;
+	char	lbuf[KENV_MVALLEN], *cp, *ep, *dev, *fstyp, *options;
 	int		fd, error;
 
 	if (getenv("vfs.root.mountfrom") != NULL)
 		return(0);
 
 	error = 1;
-	sprintf(lbuf, "%s/etc/fstab", rootdev);
+	snprintf(lbuf, sizeof(lbuf), "%s/etc/fstab", rootdev);
 	if ((fd = open(lbuf, O_RDONLY)) < 0)
 		goto notfound;
 
@@ -382,7 +383,7 @@ getrootmount(char *rootdev)
 		*cp = 0;
 		options = strdup(ep);
 		/* Build the <fstype>:<device> and save it in vfs.root.mountfrom */
-		sprintf(lbuf, "%s:%s", fstyp, dev);
+		snprintf(lbuf, sizeof(lbuf), "%s:%s", fstyp, dev);
 		setenv("vfs.root.mountfrom", lbuf, 0);
 
 		/* Don't override vfs.root.mountfrom.options if it is already set */