diff options
author | cperciva <cperciva@FreeBSD.org> | 2008-04-15 23:29:51 +0000 |
---|---|---|
committer | cperciva <cperciva@FreeBSD.org> | 2008-04-15 23:29:51 +0000 |
commit | 4ee0999e2051b8ae021eff5599286f729be73ec8 (patch) | |
tree | 0e100dddcfe3c8c34820974abf65db736cc58e1b /lib/libfetch | |
parent | 3f916c88e317083aac61c03f3e7dba95e65d83ac (diff) | |
download | FreeBSD-src-4ee0999e2051b8ae021eff5599286f729be73ec8.zip FreeBSD-src-4ee0999e2051b8ae021eff5599286f729be73ec8.tar.gz |
Fix one-byte buffer overflow: NUL gets written to the buffer, but isn't
counted in the width specification in scanf.
This is not a security problem, since this function is only used to
parse a user's configuration file.
Submitted by: Joerg Sonnenberger
Obtained from: dragonflybsd
MFC after: 1 week
Diffstat (limited to 'lib/libfetch')
-rw-r--r-- | lib/libfetch/common.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c index e8eebcb..d49336a 100644 --- a/lib/libfetch/common.c +++ b/lib/libfetch/common.c @@ -655,7 +655,7 @@ fetch_read_word(FILE *f) { static char word[1024]; - if (fscanf(f, " %1024s ", word) != 1) + if (fscanf(f, " %1023s ", word) != 1) return (NULL); return (word); } |