summaryrefslogtreecommitdiff
path: root/lib/libc
diff options
context:
space:
mode:
authorMoritz Jodeit <moritz@cvs.openbsd.org>2007-09-21 12:06:39 +0000
committerMoritz Jodeit <moritz@cvs.openbsd.org>2007-09-21 12:06:39 +0000
commitf82edc578e749e116af84cbb7c22af5e993840e6 (patch)
tree4b66e9c8206ceeae2c5cb2997ca6582e4da4cf0a /lib/libc
parent381b8cc5dd7f9f2a4ebc375fc9b327933c7900c0 (diff)
Add some more truncation checks for path construction in tmpnam(3).
ok ray@
Diffstat (limited to 'lib/libc')
-rw-r--r--lib/libc/stdio/tempnam.c32
1 files changed, 24 insertions, 8 deletions
diff --git a/lib/libc/stdio/tempnam.c b/lib/libc/stdio/tempnam.c
index 46b9d5536f8..279ff5690e6 100644
--- a/lib/libc/stdio/tempnam.c
+++ b/lib/libc/stdio/tempnam.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tempnam.c,v 1.15 2007/09/17 15:12:44 moritz Exp $ */
+/* $OpenBSD: tempnam.c,v 1.16 2007/09/21 12:06:38 moritz Exp $ */
/*
* Copyright (c) 1988, 1993
* The Regents of the University of California. All rights reserved.
@@ -44,7 +44,7 @@ extern char *_mktemp(char *);
char *
tempnam(const char *dir, const char *pfx)
{
- int sverrno;
+ int sverrno, len;
char *f, *name;
if (!(name = malloc(MAXPATHLEN)))
@@ -54,27 +54,43 @@ tempnam(const char *dir, const char *pfx)
pfx = "tmp.";
if (issetugid() == 0 && (f = getenv("TMPDIR")) && *f != '\0') {
- (void)snprintf(name, MAXPATHLEN, "%s%s%sXXXXXXXXXX", f,
- *(f + strlen(f) - 1) == '/'? "": "/", pfx);
+ len = snprintf(name, MAXPATHLEN, "%s%s%sXXXXXXXXXX", f,
+ f[strlen(f) - 1] == '/' ? "" : "/", pfx);
+ if (len < 0 || len >= MAXPATHLEN) {
+ errno = ENAMETOOLONG;
+ return(NULL);
+ }
if ((f = _mktemp(name)))
return(f);
}
if (dir != NULL) {
f = *dir ? (char *)dir : ".";
- (void)snprintf(name, MAXPATHLEN, "%s%s%sXXXXXXXXXX", f,
- *(f + strlen(f) - 1) == '/'? "": "/", pfx);
+ len = snprintf(name, MAXPATHLEN, "%s%s%sXXXXXXXXXX", f,
+ f[strlen(f) - 1] == '/' ? "" : "/", pfx);
+ if (len < 0 || len >= MAXPATHLEN) {
+ errno = ENAMETOOLONG;
+ return(NULL);
+ }
if ((f = _mktemp(name)))
return(f);
}
f = P_tmpdir;
- (void)snprintf(name, MAXPATHLEN, "%s%sXXXXXXXXX", f, pfx);
+ len = snprintf(name, MAXPATHLEN, "%s%sXXXXXXXXX", f, pfx);
+ if (len < 0 || len >= MAXPATHLEN) {
+ errno = ENAMETOOLONG;
+ return(NULL);
+ }
if ((f = _mktemp(name)))
return(f);
f = _PATH_TMP;
- (void)snprintf(name, MAXPATHLEN, "%s%sXXXXXXXXX", f, pfx);
+ len = snprintf(name, MAXPATHLEN, "%s%sXXXXXXXXX", f, pfx);
+ if (len < 0 || len >= MAXPATHLEN) {
+ errno = ENAMETOOLONG;
+ return(NULL);
+ }
if ((f = _mktemp(name)))
return(f);