svn commit: r205070 - stable/8/lib/libc/stdio
Oliver Pinter
oliver.pntr at gmail.com
Fri Mar 12 13:56:06 UTC 2010
this commit for 7-STABLE?
On 3/12/10, Jaakko Heinonen <jh at freebsd.org> wrote:
> Author: jh
> Date: Fri Mar 12 06:56:51 2010
> New Revision: 205070
> URL: http://svn.freebsd.org/changeset/base/205070
>
> Log:
> MFC r204447:
>
> In _gettemp(), check that the length of the path doesn't exceed
> MAXPATHLEN. Otherwise the path name (or part of it) may not fit to
> carrybuf causing a buffer overflow.
>
> PR: bin/140228
>
> Modified:
> stable/8/lib/libc/stdio/mktemp.c
> Directory Properties:
> stable/8/lib/libc/ (props changed)
> stable/8/lib/libc/stdtime/ (props changed)
>
> Modified: stable/8/lib/libc/stdio/mktemp.c
> ==============================================================================
> --- stable/8/lib/libc/stdio/mktemp.c Fri Mar 12 06:31:19 2010 (r205069)
> +++ stable/8/lib/libc/stdio/mktemp.c Fri Mar 12 06:56:51 2010 (r205070)
> @@ -116,6 +116,10 @@ _gettemp(path, doopen, domkdir, slen)
>
> for (trv = path; *trv != '\0'; ++trv)
> ;
> + if (trv - path >= MAXPATHLEN) {
> + errno = ENAMETOOLONG;
> + return (0);
> + }
> trv -= slen;
> suffp = trv;
> --trv;
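Review bot: The new test `if (trv - path >= MAXPATHLEN)` ties the limit to carrybuf only through the commit log; nothing at the check itself says which buffer the bound protects. A one-line comment above it would help, or, if carrybuf is a fixed-size array in this function, comparing against sizeof(carrybuf) would keep the bound correct should the buffer size ever change. Separately, the context line `trv -= slen;` that follows is not guarded within this hunk: the new check caps the total length but does not show that slen is no larger than trv - path, so it is worth confirming that the function rejects an oversized slen before trv is dereferenced or suffp is used.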