authorDiomidis Spinellis <dds@FreeBSD.org>2006-12-03 17:50:21 +0000
committerDiomidis Spinellis <dds@FreeBSD.org>2006-12-03 17:50:21 +0000
commitf88b45d7df9ba19dd72e7521853593ecf2d16073 (patch)
tree0cd3dee31733eda568f33a488b13329d02715775 /usr.bin/jot
parent34785a9fc0994307b052f9527df2653be9cf8b67 (diff)
Prevent buffer overflow when forcibly terminating an escape character.
Obtained from: OpenBSD Note: In the case of a full buffer the OpenBSD implementation will leave in the format string an invalid escape sequence. This appears to be harmless with our C library, but according to C99 this can cause undefined behavior. MFC after: 2 weeks
Notes
Notes: svn path=/head/; revision=164852
Diffstat (limited to 'usr.bin/jot')
-rw-r--r--usr.bin/jot/jot.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.bin/jot/jot.c b/usr.bin/jot/jot.c
index 34ec76b55f4f..088903f86674 100644
--- a/usr.bin/jot/jot.c
+++ b/usr.bin/jot/jot.c
@@ -480,7 +480,9 @@ fmt_broken:
else if (*p == '%' && *(p+1) == '%')
p++;
else if (*p == '%' && !*(p+1)) {
- strcat(format, "%");
+ if (strlcat(format, "%", sizeof(format)) >=
+ sizeof(format))
+ errx(1, "-w word too long");
break;
}
}
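Review bot: The bound `sizeof(format)` in the added `strlcat()` call is only the buffer size if `format` is a true array in scope here; its declaration is outside the hunk, so confirm this, because with a pointer the check would compare against the pointer width. The branch would also benefit from a comment recording why truncation is fatal, for example `/* lone trailing '%': double it to a literal "%%"; fail rather than hand printf a dangling '%' (undefined per C99) */`. The enclosing loop and the `fmt_broken` label's block start and end outside the hunk, so whether the earlier copies into `format` are bounded the same way cannot be judged from these lines.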