svn commit: r243895 - head/usr.sbin/pw
Pawel Jakub Dawidek
pjd at FreeBSD.org
Wed Dec 5 20:39:12 UTC 2012
On Wed, Dec 05, 2012 at 01:56:46PM +0000, Eitan Adler wrote:
> Author: eadler
> Date: Wed Dec 5 13:56:46 2012
> New Revision: 243895
> URL: http://svnweb.freebsd.org/changeset/base/243895
>
> Log:
> Avoid overflow of file buffer
Buffer won't overflow, but the path will be truncated, which is neither
detected nor handled.
> Submitted by: db
> Approved by: cperciva
> MFC after: 2 weeks
>
> Modified:
> head/usr.sbin/pw/pw_user.c
>
> Modified: head/usr.sbin/pw/pw_user.c
> ==============================================================================
> --- head/usr.sbin/pw/pw_user.c Wed Dec 5 13:56:43 2012 (r243894)
> +++ head/usr.sbin/pw/pw_user.c Wed Dec 5 13:56:46 2012 (r243895)
> @@ -394,7 +394,7 @@ pw_user(struct userconf * cnf, int mode,
> /*
> * Remove crontabs
> */
> - sprintf(file, "/var/cron/tabs/%s", pwd->pw_name);
> + snprintf(file, sizeof(file), "/var/cron/tabs/%s", pwd->pw_name);
> if (access(file, F_OK) == 0) {
> sprintf(file, "crontab -u %s -r", pwd->pw_name);
> system(file);
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://tupytaj.pl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-src-all/attachments/20121205/6393a016/attachment.sig>
More information about the svn-src-all
mailing list