svn commit: r301156 - stable/10/usr.sbin/tzsetup

Wed Jun 1 17:57:57 UTC 2016

Author: truckman
Date: Wed Jun  1 17:57:56 2016
New Revision: 301156
URL: https://svnweb.freebsd.org/changeset/base/301156

Log:
  MFC r300706
  
  Avoid buffer overflow or truncation when constructing path_zoneinfo_file.
  
  Reported by:	Coverity
  CID:		1011160

Modified:
  stable/10/usr.sbin/tzsetup/tzsetup.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/usr.sbin/tzsetup/tzsetup.c
==============================================================================

--- stable/10/usr.sbin/tzsetup/tzsetup.c	Wed Jun  1 17:47:34 2016	(r301155)
+++ stable/10/usr.sbin/tzsetup/tzsetup.c	Wed Jun  1 17:57:56 2016	(r301156)
@@ -837,7 +837,9 @@ install_zoneinfo(const char *zoneinfo)
 	FILE		*f;
 	char		path_zoneinfo_file[MAXPATHLEN];
 
-	sprintf(path_zoneinfo_file, "%s/%s", path_zoneinfo, zoneinfo);
+	if ((size_t)snprintf(path_zoneinfo_file, sizeof(path_zoneinfo_file),
+	    "%s/%s", path_zoneinfo, zoneinfo) >= sizeof(path_zoneinfo_file))
+		errx(1, "%s/%s name too long", path_zoneinfo, zoneinfo);
 	rv = install_zoneinfo_file(path_zoneinfo_file);
 
 	/* Save knowledge for later */
