git: c5f019807059 - main - stand: fix buffer overflow in getrootmount()
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 25 Feb 2023 18:43:00 UTC
The branch main has been updated by rew: URL: https://cgit.FreeBSD.org/src/commit/?id=c5f01980705930bf46059a004e20e010d8e21dfa commit c5f01980705930bf46059a004e20e010d8e21dfa Author: Robert Wing <rew@FreeBSD.org> AuthorDate: 2023-02-25 09:37:32 +0000 Commit: Robert Wing <rew@FreeBSD.org> CommitDate: 2023-02-25 09:37:32 +0000 stand: fix buffer overflow in getrootmount() Reviewed by: imp, allanjude Sponsored By: Beckhoff Automation GmbH & Co. KG Sponsored By: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D38734 --- stand/common/boot.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/stand/common/boot.c b/stand/common/boot.c index 06f604f595df..3ec827617d56 100644 --- a/stand/common/boot.c +++ b/stand/common/boot.c @@ -32,8 +32,9 @@ __FBSDID("$FreeBSD$"); */ #include <stand.h> -#include <sys/reboot.h> #include <sys/boot.h> +#include <sys/kenv.h> +#include <sys/reboot.h> #include <string.h> #include "bootstrap.h" @@ -321,14 +322,14 @@ getbootfile(int try) int getrootmount(char *rootdev) { - char lbuf[128], *cp, *ep, *dev, *fstyp, *options; + char lbuf[KENV_MVALLEN], *cp, *ep, *dev, *fstyp, *options; int fd, error; if (getenv("vfs.root.mountfrom") != NULL) return(0); error = 1; - sprintf(lbuf, "%s/etc/fstab", rootdev); + snprintf(lbuf, sizeof(lbuf), "%s/etc/fstab", rootdev); if ((fd = open(lbuf, O_RDONLY)) < 0) goto notfound; @@ -382,7 +383,7 @@ getrootmount(char *rootdev) *cp = 0; options = strdup(ep); /* Build the <fstype>:<device> and save it in vfs.root.mountfrom */ - sprintf(lbuf, "%s:%s", fstyp, dev); + snprintf(lbuf, sizeof(lbuf), "%s:%s", fstyp, dev); setenv("vfs.root.mountfrom", lbuf, 0); /* Don't override vfs.root.mountfrom.options if it is already set */