Author: delphij Date: Mon Sep 3 06:55:38 2018 New Revision: 338440 URL: https://svnweb.freebsd.org/changeset/base/338440
Log: MFC r337522: In read_zones(), check if the file name actually fit in the buffer and make sure it would terminate with nul with strlcpy(). Reviewed by: imp (earlier revision) Differential Revision: https://reviews.freebsd.org/D16595 Modified: stable/11/usr.sbin/tzsetup/tzsetup.c Directory Properties: stable/11/ (props changed) Modified: stable/11/usr.sbin/tzsetup/tzsetup.c ============================================================================== --- stable/11/usr.sbin/tzsetup/tzsetup.c Mon Sep 3 06:36:28 2018 (r338439) +++ stable/11/usr.sbin/tzsetup/tzsetup.c Mon Sep 3 06:55:38 2018 (r338440) @@ -481,7 +481,7 @@ read_zones(void) char contbuf[16]; FILE *fp; struct continent *cont; - size_t len; + size_t len, contlen; char *line, *tlc, *file, *descr, *p; int lineno; @@ -504,12 +504,16 @@ read_zones(void) path_zonetab, lineno, tlc); /* coord = */ strsep(&line, "\t"); /* Unused */ file = strsep(&line, "\t"); + /* get continent portion from continent/country */ p = strchr(file, '/'); if (p == NULL) errx(1, "%s:%d: invalid zone name `%s'", path_zonetab, lineno, file); - contbuf[0] = '\0'; - strncat(contbuf, file, p - file); + contlen = p - file + 1; /* trailing nul */ + if (contlen > sizeof(contbuf)) + errx(1, "%s:%d: continent name in zone name `%s' too long", + path_zonetab, lineno, file); + strlcpy(contbuf, file, contlen); cont = find_continent(contbuf); if (!cont) errx(1, "%s:%d: invalid region `%s'", path_zonetab, _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
