From 4ee0999e2051b8ae021eff5599286f729be73ec8 Mon Sep 17 00:00:00 2001
From: cperciva
Date: Tue, 15 Apr 2008 23:29:51 +0000
Subject: Fix one-byte buffer overflow: NUL gets written to the buffer, but isn't counted in the width specification in scanf. This is not a security problem, since this function is only used to parse a user's configuration file.
Submitted by: Joerg Sonnenberger
Obtained from: dragonflybsd
MFC after: 1 week
---
 lib/libfetch/common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib/libfetch/common.c')
diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c
index e8eebcb..d49336a 100644
--- a/lib/libfetch/common.c
+++ b/lib/libfetch/common.c
@@ -655,7 +655,7 @@ fetch_read_word(FILE *f)
 {
 static char word[1024];
- if (fscanf(f, " %1024s ", word) != 1)
+ if (fscanf(f, " %1023s ", word) != 1)
 return (NULL);
 return (word);
 }
-- 
cgit v1.1
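Review bot: The new field width `1023` is tied to `word[1024]` only by convention, so a later change to the array size would silently bring back the off-by-one NUL write. A comment above the `fscanf` call would keep the two in step, for example `/* field width must be sizeof(word) - 1: %s stores a terminating NUL that the width does not count */`. Separately, a token longer than 1023 bytes is not rejected: `fscanf` stops at the width and the remainder comes back as a separate word on the next call, which the caller cannot tell apart from two real tokens. The commit message's "not a security problem" assessment rests on every caller feeding only the user's own configuration file, and those callers are not visible in this hunk. The function's return-type line and any header comment also lie outside the hunk; that header is where the static-buffer lifetime (each call overwrites the previous result) should be documented.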