Fix buffer overflows in filenames. If you had a path > 80 characters

for your /usr/obj/path/to/my/files path to the kernel, then weird
things happened.  make buildkernel would fail because config was
dumping core or generating bad file names (depending on the lenght of
the path).

While I was here, also use strlcpy, strlcat and snprintf (or asprintf)
as necessary.  Minor format policing for the snprintf calls as well.

1 files changed, 9 insertions, 11 deletions

diff --git a/usr.sbin/config/main.c b/usr.sbin/config/main.c
index d803325..638ac90 100644
--- a/usr.sbin/config/main.c
+++ b/usr.sbin/config/main.c
@@ -96,7 +96,7 @@ main(int argc, char **argv)
 		switch (ch) {
 		case 'd':
 			if (*destdir == '\0')
-				strcpy(destdir, optarg);
+				strlcpy(destdir, optarg, sizeof(destdir));
 			else
 				errx(2, "directory already set");
 			break;
@@ -133,8 +133,8 @@ main(int argc, char **argv)
 			destdir[--len] = '\0';
 		get_srcdir();
 	} else {
-		strcpy(destdir, CDIR);
-		strcat(destdir, PREFIX);
+		strlcpy(destdir, CDIR, sizeof(destdir));
+		strlcat(destdir, PREFIX, sizeof(destdir));
 	}
 
 	p = path((char *)NULL);
@@ -181,7 +181,7 @@ main(int argc, char **argv)
 	 * and similarly for "machine".
 	 */
 	{
-	char xxx[80];
+	char xxx[MAXPATHLEN];
 	if (*srcdir == '\0')
 		(void)snprintf(xxx, sizeof(xxx), "../../%s/include",
 		    machinename);
@@ -343,14 +343,12 @@ begin:
 char *
 path(char *file)
 {
-	char *cp;
+	char *cp = NULL;
 
-	cp = malloc((size_t)(strlen(destdir) + (file ? strlen(file) : 0) + 2));
-	(void) strcpy(cp, destdir);
-	if (file) {
-		(void) strcat(cp, "/");
-		(void) strcat(cp, file);
-	}
+	if (file)
+		asprintf(&cp, "%s/%s", destdir, file);
+	else
+		cp = strdup(destdir);
 	return (cp);
 }