hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-09-21 15:52:39 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Avoid buffer overflow when copying the input file name and appending .dat.

Browse Source 
Check the return value from fread() to be sure that it was successful.

Reported by:	Coverity
CID:		1006709, 1009452
MFC after:	1 week
This commit is contained in:
Don Lewis 2016-05-26 01:33:24 +00:00
parent 40424a256a
commit 243e928310
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=300705
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
usr.bin/fortune/unstr/unstr.c
View File

@ -86,13 +86,19 @@ main(int argc, char *argv[])
exit(1);
}
Infile = argv[1];
strcpy(Datafile, Infile);
strcat(Datafile, ".dat");
if ((size_t)snprintf(Datafile, sizeof(Datafile), "%s.dat", Infile) >=
sizeof(Datafile))
errx(1, "%s name too long", Infile);
if ((Inf = fopen(Infile, "r")) == NULL)
err(1, "%s", Infile);
if ((Dataf = fopen(Datafile, "r")) == NULL)
err(1, "%s", Datafile);
fread((char *)&tbl, sizeof(tbl), 1, Dataf);
if (fread((char *)&tbl, sizeof(tbl), 1, Dataf) != 1) {
if (feof(Dataf))
errx(1, "%s read EOF", Datafile);
else
err(1, "%s read", Datafile);
}
tbl.str_version = be32toh(tbl.str_version);
tbl.str_numstr = be32toh(tbl.str_numstr);
tbl.str_longlen = be32toh(tbl.str_longlen);