author | dds <dds@FreeBSD.org> | 2006-12-03 17:50:21 +0000 |
---|---|---|
committer | dds <dds@FreeBSD.org> | 2006-12-03 17:50:21 +0000 |
commit | af51ff22340d96d114f2e3775d320add25977611 (patch) | |
tree | 0cd3dee31733eda568f33a488b13329d02715775 /usr.bin/jot | |
parent | 552b6c0ead97cdc98a42d8140db41253cd9bd97a (diff) | |
Prevent buffer overflow when forcibly terminating an escape character.
Obtained from: OpenBSD
Note: In the case of a full buffer the OpenBSD implementation will
leave in the format string an invalid escape sequence. This appears
to be harmless with our C library, but according to C99 this can
cause undefined behavior.
MFC after: 2 weeks
Diffstat (limited to 'usr.bin/jot')
-rw-r--r-- | usr.bin/jot/jot.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.bin/jot/jot.c b/usr.bin/jot/jot.c index 34ec76b..088903f 100644 --- a/usr.bin/jot/jot.c +++ b/usr.bin/jot/jot.c @@ -480,7 +480,9 @@ fmt_broken: else if (*p == '%' && *(p+1) == '%') p++; else if (*p == '%' && !*(p+1)) { - strcat(format, "%"); + if (strlcat(format, "%", sizeof(format)) >= + sizeof(format)) + errx(1, "-w word too long"); break; } } |
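Review bot: In the `*p == '%' && !*(p+1)` branch, the `sizeof(format)` bound is only correct if `format` is a true array in scope at this point and not a `char *` or a function parameter; the declaration is outside this hunk, so please confirm it, since with a pointer the check would compare against the pointer size. The truncation test itself (`strlcat(...) >= sizeof(format)`) is the right idiom. The commit message explains that this deliberately differs from OpenBSD by exiting with `errx(1, "-w word too long")` on a full buffer rather than leaving an invalid escape sequence in the format string, but nothing in the code records that; a one-line comment above the `if` would keep a later sync with OpenBSD from reverting it. The continuation line `sizeof(format))` is also worth checking against style(9) indentation, which cannot be judged from the flattened rendering here.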