authorDon Lewis <truckman@FreeBSD.org>2016-05-26 01:33:24 +0000
committerDon Lewis <truckman@FreeBSD.org>2016-05-26 01:33:24 +0000
commit243e928310d073338c5ec089f0dce238a80b9866 (patch)
treeb588a2bc8715881f367d7c229d5b653d04c4d584 /usr.bin/fortune
parent40424a256a00d2516eb085e31e245d6e1d290688 (diff)
Avoid buffer overflow when copying the input file name and appending .dat.
Check the return value from fread() to be sure that it was successful.

Reported by: Coverity
CID: 1006709, 1009452
MFC after: 1 week
Notes
Notes: svn path=/head/; revision=300705
Diffstat (limited to 'usr.bin/fortune')
-rw-r--r--usr.bin/fortune/unstr/unstr.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/usr.bin/fortune/unstr/unstr.c b/usr.bin/fortune/unstr/unstr.c
index f79a0ecc6ebd8..77ee1ecce608f 100644
--- a/usr.bin/fortune/unstr/unstr.c
+++ b/usr.bin/fortune/unstr/unstr.c
@@ -86,13 +86,19 @@ main(int argc, char *argv[])
exit(1);
}
Infile = argv[1];
- strcpy(Datafile, Infile);
- strcat(Datafile, ".dat");
+ if ((size_t)snprintf(Datafile, sizeof(Datafile), "%s.dat", Infile) >=
+ sizeof(Datafile))
+ errx(1, "%s name too long", Infile);
if ((Inf = fopen(Infile, "r")) == NULL)
err(1, "%s", Infile);
if ((Dataf = fopen(Datafile, "r")) == NULL)
err(1, "%s", Datafile);
- fread((char *)&tbl, sizeof(tbl), 1, Dataf);
+ if (fread((char *)&tbl, sizeof(tbl), 1, Dataf) != 1) {
+ if (feof(Dataf))
+ errx(1, "%s read EOF", Datafile);
+ else
+ err(1, "%s read", Datafile);
+ }
tbl.str_version = be32toh(tbl.str_version);
tbl.str_numstr = be32toh(tbl.str_numstr);
tbl.str_longlen = be32toh(tbl.str_longlen);
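Review bot: The header fields converted at the end of the hunk (`str_version`, `str_numstr`, `str_longlen`) are taken from the .dat file as-is; the new `fread()` check guarantees a full-size read, but nothing visible here validates the values themselves. If later code uses them as loop counts or buffer sizes (that code is outside the hunk, so this is inferred), a corrupt data file could still lead to out-of-range reads, and a comment such as `/* tbl comes from an untrusted file: range-check str_numstr and str_longlen before use */` or an explicit check after the conversions would be worth adding. Separately, in the `snprintf()` test the `(size_t)` cast turns a negative error return into a huge value, which fails safely but is reported as "name too long"; storing the result in an `int n` and testing `n < 0 || (size_t)n >= sizeof(Datafile)` would make that case explicit. `main()` begins and ends outside the hunk.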