> On 5 Sep 2016, at 12:13, Ali H. Fardan <r...@firemail.cc> wrote:
>
> You can't specify a buffer size in asprintf() therefore, it is not secure,
> you can see that snprintf() does write to the `i` bytes to the buffer
asprintf allocates the memory it needs to write to, unlike snprintf which
requires a preallocated buffer.
>
> Raiz
>
> -------- Original Message --------
> Subject: mount(8): strlen + malloc + snprintf == asprintf
> Date: 2016-09-04 19:47
> From: Michal Mazurek <akf...@jasminek.net>
> To: tech@openbsd.org
>
> do what tb@ did for hexdump
>
> Index: sbin/mount/mount.c
> ===================================================================
> RCS file: /cvs/src/sbin/mount/mount.c,v
> retrieving revision 1.66
> diff -u -p -r1.66 mount.c
> --- sbin/mount/mount.c 26 Jun 2016 19:53:40 -0000 1.66
> +++ sbin/mount/mount.c 4 Sep 2016 16:38:41 -0000
> @@ -685,19 +685,16 @@ maketypelist(char *fslist)
> char *
> catopt(char *s0, const char *s1)
> {
> - size_t i;
> char *cp;
>
> if (s0 && *s0) {
> - i = strlen(s0) + strlen(s1) + 1 + 1;
> - if ((cp = malloc(i)) == NULL)
> + if (asprintf(&cp, "%s,%s", s0, s1) == -1)
> err(1, NULL);
> - (void)snprintf(cp, i, "%s,%s", s0, s1);
> } else
> cp = strdup(s1);
>
> free(s0);
> - return (cp);
> + return cp;
> }
>
> void
>
