diff options
| author | Xin LI <delphij@FreeBSD.org> | 2018-08-09 02:47:22 +0000 |
|---|---|---|
| committer | Xin LI <delphij@FreeBSD.org> | 2018-08-09 02:47:22 +0000 |
| commit | 963aa85d2a6fb9438a12eace27e182aa3793c1c2 (patch) | |
| tree | db8a808f75e659abf1024f280b17447b36d2cf17 /usr.sbin/tzsetup | |
| parent | 4e6c8e6d83841736f57abbfc9db63846ce258827 (diff) | |
In read_zones(), check if the file name actually fit in the buffer
and make sure it would terminate with nul with strlcpy().
Reviewed by: imp (earlier revision)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D16595
Notes
Notes:
svn path=/head/; revision=337522
Diffstat (limited to 'usr.sbin/tzsetup')
| -rw-r--r-- | usr.sbin/tzsetup/tzsetup.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/usr.sbin/tzsetup/tzsetup.c b/usr.sbin/tzsetup/tzsetup.c index 3e422ade25ff..dcf9f6863b43 100644 --- a/usr.sbin/tzsetup/tzsetup.c +++ b/usr.sbin/tzsetup/tzsetup.c @@ -481,7 +481,7 @@ read_zones(void) char contbuf[16]; FILE *fp; struct continent *cont; - size_t len; + size_t len, contlen; char *line, *tlc, *file, *descr, *p; int lineno; @@ -504,12 +504,16 @@ read_zones(void) path_zonetab, lineno, tlc); /* coord = */ strsep(&line, "\t"); /* Unused */ file = strsep(&line, "\t"); + /* get continent portion from continent/country */ p = strchr(file, '/'); if (p == NULL) errx(1, "%s:%d: invalid zone name `%s'", path_zonetab, lineno, file); - contbuf[0] = '\0'; - strncat(contbuf, file, p - file); + contlen = p - file + 1; /* trailing nul */ + if (contlen > sizeof(contbuf)) + errx(1, "%s:%d: continent name in zone name `%s' too long", + path_zonetab, lineno, file); + strlcpy(contbuf, file, contlen); cont = find_continent(contbuf); if (!cont) errx(1, "%s:%d: invalid region `%s'", path_zonetab, |