db/btree/bt_open.c: check return value of snprintf() and return value

if the result is truncated. db/hash/hash_page.c: use the same way to create temporary file as bt_open.c; check snprintf() return value. Obtained from: OpenBSD
author: delphij <delphij@FreeBSD.org> 2009-03-28 05:57:27 +0000
committer: delphij <delphij@FreeBSD.org> 2009-03-28 05:57:27 +0000
commit: 13f44a2a242d0a0c1ccb45ecb1ffdee19a0c6f8a (patch)
tree: 0a6801eaaefea7f6cb427376ac4bedcb2861c390 /lib/libc/db/btree
parent: 21b00fc42b2ab16bc19a270792a72971dc10973f (diff)
download: FreeBSD-src-13f44a2a242d0a0c1ccb45ecb1ffdee19a0c6f8a.zip
FreeBSD-src-13f44a2a242d0a0c1ccb45ecb1ffdee19a0c6f8a.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/libc/db/btree/bt_open.c b/lib/libc/db/btree/bt_open.c
index ec6239f..7422ca4 100644
--- a/lib/libc/db/btree/bt_open.c
+++ b/lib/libc/db/btree/bt_open.c
@@ -383,14 +383,18 @@ static int
 tmp(void)
 {
 	sigset_t set, oset;
-	int fd;
+	int fd, len;
 	char *envtmp = NULL;
 	char path[MAXPATHLEN];
 
 	if (issetugid() == 0)
 		envtmp = getenv("TMPDIR");
-	(void)snprintf(path,
+	len = snprintf(path,
 	    sizeof(path), "%s/bt.XXXXXXXXXX", envtmp ? envtmp : "/tmp");
+	if (len < 0 || len >= (int)sizeof(path)) {
+		errno = ENAMETOOLONG;
+		return(-1);
+	}
 
 	(void)sigfillset(&set);
 	(void)_sigprocmask(SIG_BLOCK, &set, &oset);
author	delphij <delphij@FreeBSD.org>	2009-03-28 05:57:27 +0000
committer	delphij <delphij@FreeBSD.org>	2009-03-28 05:57:27 +0000
commit	13f44a2a242d0a0c1ccb45ecb1ffdee19a0c6f8a (patch)
tree	0a6801eaaefea7f6cb427376ac4bedcb2861c390 /lib/libc/db/btree
parent	21b00fc42b2ab16bc19a270792a72971dc10973f (diff)
download	FreeBSD-src-13f44a2a242d0a0c1ccb45ecb1ffdee19a0c6f8a.zip FreeBSD-src-13f44a2a242d0a0c1ccb45ecb1ffdee19a0c6f8a.tar.gz