author | bapt <bapt@FreeBSD.org> | 2013-01-22 22:41:12 +0000 |
---|---|---|
committer | bapt <bapt@FreeBSD.org> | 2013-01-22 22:41:12 +0000 |
commit | b9632eead54305628fbf36561d255b46deb10999 (patch) | |
tree | f37dcc8f54aba102f6dc2a8550696bbfc94f9978 /usr.sbin/pkg_install | |
parent | 75f69e58cce1b1205e345702e744162ee6c8b275 (diff) | |
Use snprintf instead of strc* functions and add bounds checking when creating
pkgngpath
Submitted by: sbz, gahr
Diffstat (limited to 'usr.sbin/pkg_install')
-rw-r--r-- | usr.sbin/pkg_install/lib/lib.h | 2 | ||||
-rw-r--r-- | usr.sbin/pkg_install/lib/pkgng.c | 11 |
2 files changed, 9 insertions, 4 deletions
diff --git a/usr.sbin/pkg_install/lib/lib.h b/usr.sbin/pkg_install/lib/lib.h
index aebcc0b..77b2c71 100644
--- a/usr.sbin/pkg_install/lib/lib.h
+++ b/usr.sbin/pkg_install/lib/lib.h
@@ -99,7 +99,7 @@
 * Version of the package tools - increase whenever you make a change
 * in the code that is not cosmetic only.
 */
-#define PKG_INSTALL_VERSION 20121109
+#define PKG_INSTALL_VERSION 20130122
 #define PKG_WRAPCONF_FNAME "/var/db/pkg_install.conf"
 #define main(argc, argv) real_main(argc, argv)
diff --git a/usr.sbin/pkg_install/lib/pkgng.c b/usr.sbin/pkg_install/lib/pkgng.c
index a8731c7..9fbc976 100644
--- a/usr.sbin/pkg_install/lib/pkgng.c
+++ b/usr.sbin/pkg_install/lib/pkgng.c
@@ -38,9 +38,10 @@ this system.";
 void warnpkgng(void)
 {
- char pkgngpath[MAXPATHLEN];
+ char pkgngpath[MAXPATHLEN + 1];
 char *pkgngdir;
 char *dontwarn;
+ int rc;
 dontwarn = getenv("PKG_OLD_NOWARN");
 if (dontwarn != NULL)
@@ -48,8 +49,12 @@ void warnpkgng(void)
 pkgngdir = getenv("PKG_DBDIR");
 if (pkgngdir == NULL)
 pkgngdir = "/var/db/pkg";
- strcpy(pkgngpath, pkgngdir);
- strcat(pkgngpath, "/local.sqlite");
+
+ rc = snprintf(pkgngpath, sizeof(pkgngpath) "%s/local.sqlite", pkgngdir);
+ if (rc >= sizeof(pkgngpath)) {
+ warnx("path too long: %s/local.sqlite", pkgngdir);
+ return;
+ }
 if (access(pkgngpath, F_OK) == 0)
 warnx(message);
 |
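Review bot: As shown on this page, the new `snprintf` call in the last pkgng.c hunk has no comma between the size argument and the format string (`sizeof(pkgngpath) "%s/local.sqlite"`), which would not compile. If that is what was committed rather than an extraction artefact, it should read `rc = snprintf(pkgngpath, sizeof(pkgngpath), "%s/local.sqlite", pkgngdir);`. The truncation check compares the `int rc` declared in the previous hunk with a `size_t`, so a negative return is caught only through the implicit conversion to unsigned and is then reported as "path too long"; `if (rc < 0 || (size_t)rc >= sizeof(pkgngpath)) {` states the intent and avoids the sign-compare warning. Because `PKG_DBDIR` is read from the environment, this check is what keeps an over-long value from overrunning the stack buffer, so a one-line comment above it saying so would help later readers. The end of warnpkgng() lies outside the hunk.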