summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2017-12-15 14:20:53 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2017-12-15 14:20:53 +0000
commitaadb0787e6ffb12c89c1f614ce6a3f1d34b8664e (patch)
treeb3834445e02c32f3fed61daf7e95304677f59316
parent50f149c206d4b7fd934d504dddbe020068e5856c (diff)
Use the canonical idiom to check strlcat(3). An unchecked strlcat call
led to unexpected output: compare 'jot -w $(printf %1020s)%d%' 1 1' with 'jot -w $(printf %1019s)%d%' 1 1'. found by & ok martijn
-rw-r--r--usr.bin/jot/jot.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/usr.bin/jot/jot.c b/usr.bin/jot/jot.c
index c01ebb0fb3a..12b1fc5116b 100644
--- a/usr.bin/jot/jot.c
+++ b/usr.bin/jot/jot.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: jot.c,v 1.38 2017/12/15 13:04:11 tb Exp $ */
+/* $OpenBSD: jot.c,v 1.39 2017/12/15 14:20:52 tb Exp $ */
/* $NetBSD: jot.c,v 1.3 1994/12/02 20:29:43 pk Exp $ */
/*-
@@ -379,10 +379,9 @@ getformat(void)
errx(1, "-w word too long");
intdata = true;
} else if (*(p+1) == '\0') {
- if (sz <= 0)
- errx(1, "-w word too long");
/* cannot end in single '%' */
- strlcat(format, "%", sizeof format);
+ if (strlcat(format, "%", sizeof(format)) >= sizeof(format))
+ errx(1, "-w word too long");
} else {
/*
* Allow conversion format specifiers of the form
@@ -459,7 +458,10 @@ fmt_broken:
else if (*p == '%' && *(p+1) == '%')
p++;
else if (*p == '%' && *(p+1) == '\0') {
- strlcat(format, "%", sizeof format);
+ /* cannot end in single '%' */
+ if (strlcat(format, "%", sizeof(format)) >=
+ sizeof(format))
+ errx(1, "-w word too long");
break;
}
}