Commit b9d1a8e9 authored by Jacob Garber's avatar Jacob Garber Committed by Masahiro Yamada

kconfig: use snprintf for formatting pathnames

Valid pathnames will never exceed PATH_MAX, but these file names
are unsanitized and can cause buffer overflow if set incorrectly.
Use snprintf to avoid this. This was flagged during a Coverity scan
of the coreboot project, which also uses kconfig for its build system.
Signed-off-by: default avatarJacob Garber <jgarber1@ualberta.ca>
Signed-off-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
parent 4cb72612
......@@ -241,7 +241,7 @@ char *conf_get_default_confname(void)
name = expand_string(conf_defname);
env = getenv(SRCTREE);
if (env) {
sprintf(fullname, "%s/%s", env, name);
snprintf(fullname, sizeof(fullname), "%s/%s", env, name);
if (is_present(fullname))
return fullname;
}
......
......@@ -378,7 +378,8 @@ FILE *zconf_fopen(const char *name)
if (!f && name != NULL && name[0] != '/') {
env = getenv(SRCTREE);
if (env) {
sprintf(fullname, "%s/%s", env, name);
snprintf(fullname, sizeof(fullname),
"%s/%s", env, name);
f = fopen(fullname, "r");
}
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment