From 0e961ee647d02838c0c3eb117ac007a28f1e49fb Mon Sep 17 00:00:00 2001
From: schweikh <schweikh@FreeBSD.org>
Date: Tue, 23 Dec 2003 15:01:12 +0000
Subject: Fix a case of undefined behavior due to overlapping buf objects in
 snprintf (buf, size, fmt, buf, etc). This only works by chance with our libc,
 but fails (with a truncated string) on e.g. glibc.

Okayed by:	sobomax
MFC after:	1 week
---
 usr.sbin/pkg_install/lib/match.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'usr.sbin')

diff --git a/usr.sbin/pkg_install/lib/match.c b/usr.sbin/pkg_install/lib/match.c
index 5312c27..27db978 100644
--- a/usr.sbin/pkg_install/lib/match.c
+++ b/usr.sbin/pkg_install/lib/match.c
@@ -236,13 +236,14 @@ int
 isinstalledpkg(const char *name)
 {
     char buf[FILENAME_MAX];
+    char buf2[FILENAME_MAX];
 
     snprintf(buf, sizeof(buf), "%s/%s", LOG_DIR, name);
     if (!isdir(buf) || access(buf, R_OK) == FAIL)
 	return FALSE;
 
-    snprintf(buf, sizeof(buf), "%s/%s", buf, CONTENTS_FNAME);
-    if (!isfile(buf) || access(buf, R_OK) == FAIL)
+    snprintf(buf2, sizeof(buf2), "%s/%s", buf, CONTENTS_FNAME);
+    if (!isfile(buf2) || access(buf2, R_OK) == FAIL)
 	return FALSE;
 
     return TRUE;
-- 
cgit v1.1