diff options
| author | cem <cem@FreeBSD.org> | 2016-05-12 03:53:20 +0000 |
|---|---|---|
| committer | cem <cem@FreeBSD.org> | 2016-05-12 03:53:20 +0000 |
| commit | 3f6e1e85c8d62e3585cc065f9be1869c45115aae (patch) | |
| tree | 6df2c763616ba28a4378aa60244715c8ec262955 /lib/libmp | |
| parent | 97f5dee5405af286addae99e24aa1701e8502db7 (diff) | |
| download | FreeBSD-src-3f6e1e85c8d62e3585cc065f9be1869c45115aae.zip FreeBSD-src-3f6e1e85c8d62e3585cc065f9be1869c45115aae.tar.gz | |
libmp: Fix trivial buffer overrun
fgetln yields a non-NUL-terminated buffer and its length. This routine
attempted to NUL-terminate it, but did not allocate space for the NUL. So,
allocate space for the NUL.
Reported by: Coverity
CID: 1017457
Sponsored by: EMC / Isilon Storage Division
Diffstat (limited to 'lib/libmp')
| -rw-r--r-- | lib/libmp/mpasbn.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libmp/mpasbn.c b/lib/libmp/mpasbn.c index bc5556d..2656124 100644 --- a/lib/libmp/mpasbn.c +++ b/lib/libmp/mpasbn.c @@ -286,10 +286,10 @@ mp_min(MINT *mp) line = fgetln(stdin, &linelen); if (line == NULL) MPERR(("min")); - nline = malloc(linelen); + nline = malloc(linelen + 1); if (nline == NULL) MPERR(("min")); - strncpy(nline, line, linelen); + memcpy(nline, line, linelen); nline[linelen] = '\0'; rmp = _dtom("min", nline); _movem("min", rmp, mp); |
