From 78bd82b79fdb80709642f906507dbf2b169271d9 Mon Sep 17 00:00:00 2001
From: Moritz Jodeit
Date: Mon, 17 Sep 2007 07:07:24 +0000
Subject: Check snprintf(3) return value for error or truncation. Mostly path construction, where truncation could be bad. ok and input from deraadt@ millert@ ray@
---
lib/libc/net/rcmd.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'lib/libc/net/rcmd.c')
diff --git a/lib/libc/net/rcmd.c b/lib/libc/net/rcmd.c
index e2b91994920..30ca6710c4f 100644
--- a/lib/libc/net/rcmd.c
+++ b/lib/libc/net/rcmd.c
@@ -382,10 +382,14 @@ again:
 (void)fclose(hostf);
 }
 if (first == 1 && (__check_rhosts_file || superuser)) {
+ int len;
+
 first = 0;
 if ((pwd = getpwnam(luser)) == NULL)
 return (-1);
- snprintf(pbuf, sizeof pbuf, "%s/.rhosts", pwd->pw_dir);
+ len = snprintf(pbuf, sizeof pbuf, "%s/.rhosts", pwd->pw_dir);
+ if (len < 0 || len >= sizeof pbuf)
+ return (-1);

 /*
 * Change effective uid while opening .rhosts. If root and
--
cgit v1.2.3
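Review bot: The new guard `len >= sizeof pbuf` compares a signed `int` with a `size_t`, so it is correct only because `len < 0` is tested first and short-circuits. An explicit cast states the intent and keeps sign-compare warnings quiet: `if (len < 0 || (size_t)len >= sizeof pbuf)`. Returning -1 fails closed, which is the right direction here, since a truncated path would name a file other than the user's `.rhosts` for the trust decision. A one-line comment such as `/* refuse rather than consult a truncated path */` would keep a later edit from relaxing it. The enclosing function starts and ends outside the hunk, so how callers treat this -1 cannot be checked from here.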