author | tjr <tjr@FreeBSD.org> | 2003-02-23 07:37:47 +0000 |
---|---|---|
committer | tjr <tjr@FreeBSD.org> | 2003-02-23 07:37:47 +0000 |
commit | 1efdc354264822c8805c1d43784c93ba28fc14f0 (patch) | |
tree | fbeeb3e7c9094766c3376987ba0be6c26eaf7e13 /sbin/gbde/gbde.c | |
parent | 9da403e48c25f4100a1febdffa6b0aa4c372c7fa (diff) | |
download | FreeBSD-src-1efdc354264822c8805c1d43784c93ba28fc14f0.zip FreeBSD-src-1efdc354264822c8805c1d43784c93ba28fc14f0.tar.gz |
Fix two unsafe uses of sprintf().
Diffstat (limited to 'sbin/gbde/gbde.c')
-rw-r--r-- | sbin/gbde/gbde.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/sbin/gbde/gbde.c b/sbin/gbde/gbde.c
index 5fbab19..4e6dd26 100644
--- a/sbin/gbde/gbde.c
+++ b/sbin/gbde/gbde.c
@@ -491,7 +491,9 @@ cmd_init(struct g_bde_key *gl, int dfd, const char *f_opt, int i_opt, const char
 p = getenv("EDITOR");
 if (p == NULL)
 p = "vi";
- sprintf(cbuf, "%s %s\n", p, q);
+ if (snprintf(cbuf, sizeof(cbuf), "%s %s\n", p, q) >=
+ (ssize_t)sizeof(cbuf))
+ errx(1, "EDITOR is too long");
 system(cbuf);
 }
 i = open(q, O_RDONLY);
@@ -749,8 +751,11 @@ main(int argc, char **argv)
 if (doopen) {
 dfd = open(dest, O_RDWR | O_CREAT, 0644);
 if (dfd < 0) {
- sprintf(buf, "%s%s", _PATH_DEV, dest);
- dfd = open(buf, O_RDWR | O_CREAT, 0644);
+ if (snprintf(buf, sizeof(buf), "%s%s",
+ _PATH_DEV, dest) >= (ssize_t)sizeof(buf))
+ errno = ENAMETOOLONG;
+ else
+ dfd = open(buf, O_RDWR | O_CREAT, 0644);
 }
 if (dfd < 0)
 err(1, "%s", dest);
|
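Review bot: The bounded string is still passed to `system(cbuf)`, so the shell parses whatever EDITOR and `q` contain, and the call's result is discarded before the code goes on to `open(q, O_RDONLY)`. At minimum the exit status should be checked, e.g. `if (system(cbuf) != 0) errx(1, "editor failed");`. For a tool that handles disk-encryption keys and is presumably run with privilege, running the editor through fork and exec with an explicit argument vector would keep the shell out of it. The length test also lets a negative snprintf() return through, here and in the main() hunk; `n < 0 || (size_t)n >= sizeof(cbuf)` on a saved return value covers both cases. cmd_init's body starts and ends outside the hunk, so where `q` comes from is not visible here.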
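Review bot: The fallback `open(buf, O_RDWR | O_CREAT, 0644)` in the new `else` branch keeps O_CREAT, so a mistyped name leads to an attempt to create a regular, world-readable file under _PATH_DEV instead of a plain ENOENT. Whether that attempt can succeed depends on how the device directory is mounted. If the fallback is only meant to find an existing device node, `dfd = open(buf, O_RDWR);` states that intent. The `err(1, "%s", dest)` after the block prints only the short name, so the message does not say which of the two paths failed. main() continues outside the hunk.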