diff options
| author | truckman <truckman@FreeBSD.org> | 2016-06-15 06:33:40 +0000 |
|---|---|---|
| committer | truckman <truckman@FreeBSD.org> | 2016-06-15 06:33:40 +0000 |
| commit | c77fcd4fd3a5d4b708c65feab05797b8074c6cb6 (patch) | |
| tree | 6c4410436d23509fa819ad598753f33d71cdf6ca | |
| parent | c2353f9c1e6539602827e9107e7f972a99f5aae3 (diff) | |
| download | FreeBSD-src-c77fcd4fd3a5d4b708c65feab05797b8074c6cb6.zip FreeBSD-src-c77fcd4fd3a5d4b708c65feab05797b8074c6cb6.tar.gz | |
MFC r301582
Explicitly NUL terminate the buffer filled by fread().
The fix in r300649 was not sufficient to convince Coverity that the
buffer was NUL terminated, even with the buffer pre-zeroed. Swap
the size and nmemb arguments to fread() so that a valid lenght is
returned, which we can use to terminate the string in the buffer
at the correct location. This should also quiet the complaint about
the return value of fread() not being checked.
Reported by: Coverity
CID: 1019054, 1009614
Secur3ty:
Sponsore dby:
| -rw-r--r-- | bin/setfacl/file.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/bin/setfacl/file.c b/bin/setfacl/file.c index e5e19a2..7499f1c 100644 --- a/bin/setfacl/file.c +++ b/bin/setfacl/file.c @@ -43,13 +43,12 @@ acl_t get_acl_from_file(const char *filename) { FILE *file; + size_t len; char buf[BUFSIZ+1]; if (filename == NULL) err(1, "(null) filename in get_acl_from_file()"); - bzero(&buf, sizeof(buf)); - if (strcmp(filename, "-") == 0) { if (have_stdin != 0) err(1, "cannot specify more than one stdin"); @@ -61,7 +60,8 @@ get_acl_from_file(const char *filename) err(1, "fopen() %s failed", filename); } - fread(buf, sizeof(buf) - 1, (size_t)1, file); + len = fread(buf, (size_t)1, sizeof(buf) - 1, file); + buf[len] = '\0'; if (ferror(file) != 0) { fclose(file); err(1, "error reading from %s", filename); |
