Avoid buffer overflow or truncation when constructing path_zoneinfo_file.

Reported by: Coverity CID: 1011160 MFC after: 1 week
author: truckman <truckman@FreeBSD.org> 2016-05-26 01:45:04 +0000
committer: truckman <truckman@FreeBSD.org> 2016-05-26 01:45:04 +0000
commit: 48b6d2c8b7c6aa6df4bf6cc5c1f107869764b5f3 (patch)
tree: aeebb23ad0b96551a1661b1fe5877ec09f1a5ec8 /usr.sbin/tzsetup
parent: 258d969a37a15bb8c9793035ccdb7fae5e5699fb (diff)
download: FreeBSD-src-48b6d2c8b7c6aa6df4bf6cc5c1f107869764b5f3.zip
FreeBSD-src-48b6d2c8b7c6aa6df4bf6cc5c1f107869764b5f3.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.sbin/tzsetup/tzsetup.c b/usr.sbin/tzsetup/tzsetup.c
index e571d1f..ce9e148 100644
--- a/usr.sbin/tzsetup/tzsetup.c
+++ b/usr.sbin/tzsetup/tzsetup.c
@@ -838,7 +838,9 @@ install_zoneinfo(const char *zoneinfo)
 	FILE		*f;
 	char		path_zoneinfo_file[MAXPATHLEN];
 
-	sprintf(path_zoneinfo_file, "%s/%s", path_zoneinfo, zoneinfo);
+	if ((size_t)snprintf(path_zoneinfo_file, sizeof(path_zoneinfo_file),
+	    "%s/%s", path_zoneinfo, zoneinfo) >= sizeof(path_zoneinfo_file))
+		errx(1, "%s/%s name too long", path_zoneinfo, zoneinfo);
 	rv = install_zoneinfo_file(path_zoneinfo_file);
 
 	/* Save knowledge for later */
author	truckman <truckman@FreeBSD.org>	2016-05-26 01:45:04 +0000
committer	truckman <truckman@FreeBSD.org>	2016-05-26 01:45:04 +0000
commit	48b6d2c8b7c6aa6df4bf6cc5c1f107869764b5f3 (patch)
tree	aeebb23ad0b96551a1661b1fe5877ec09f1a5ec8 /usr.sbin/tzsetup
parent	258d969a37a15bb8c9793035ccdb7fae5e5699fb (diff)
download	FreeBSD-src-48b6d2c8b7c6aa6df4bf6cc5c1f107869764b5f3.zip FreeBSD-src-48b6d2c8b7c6aa6df4bf6cc5c1f107869764b5f3.tar.gz