Author: truckman
Date: Wed Jun  1 22:39:15 2016
New Revision: 301178
URL: https://svnweb.freebsd.org/changeset/base/301178

Log:
  MFC r300705 (compensating for fortune moving from games to usr.bin)
  
  Avoid buffer overflow when copying the input file name and appending .dat.
  
  Check the return value from fread() to be sure that it was successful.
  
  Reported by:  Coverity
  CID:          1006709, 1009452

Modified:
  stable/10/games/fortune/unstr/unstr.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/games/fortune/unstr/unstr.c
==============================================================================
--- stable/10/games/fortune/unstr/unstr.c       Wed Jun  1 22:34:21 2016        
(r301177)
+++ stable/10/games/fortune/unstr/unstr.c       Wed Jun  1 22:39:15 2016        
(r301178)
@@ -86,13 +86,19 @@ main(int argc, char *argv[])
                exit(1);
        }
        Infile = argv[1];
-       strcpy(Datafile, Infile);
-       strcat(Datafile, ".dat");
+       if ((size_t)snprintf(Datafile, sizeof(Datafile), "%s.dat", Infile) >=
+           sizeof(Datafile)) 
+               errx(1, "%s name too long", Infile);
        if ((Inf = fopen(Infile, "r")) == NULL)
                err(1, "%s", Infile);
        if ((Dataf = fopen(Datafile, "r")) == NULL)
                err(1, "%s", Datafile);
-       fread((char *)&tbl, sizeof(tbl), 1, Dataf);
+       if (fread((char *)&tbl, sizeof(tbl), 1, Dataf) != 1) {
+               if (feof(Dataf))
+                       errx(1, "%s read EOF", Datafile);
+               else
+                       err(1, "%s read", Datafile);
+       }
        tbl.str_version = be32toh(tbl.str_version);
        tbl.str_numstr = be32toh(tbl.str_numstr);
        tbl.str_longlen = be32toh(tbl.str_longlen);
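Review bot: The new `fread()` check only proves that a full header was read from `Datafile`; the fields converted on the following lines (`str_version`, `str_numstr`, `str_longlen`) are still taken from the file as-is. Nothing in this hunk bounds them, and `main` continues past it, so whether they are validated before driving later reads or loops cannot be seen here. If they are not, a malformed or mismatched .dat file passes this check and fails later in a less obvious way. I would add a sanity check right after the `be32toh()` conversions that rejects an unsupported `str_version` with `errx()`, and at minimum a comment such as `/* header comes from the .dat file: validate counts before use */`.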