File: buf-overflow

eflite 0.4.1-14
Fix buffer overflow

--- eflite-0.4.1.orig/es.c
+++ eflite-0.4.1/es.c
@@ -329,7 +329,7 @@
   char *p;
 
   p = getenv("HOME");
-  sprintf(buf, "%s/.es.conf", p);
+  snprintf(buf, sizeof(buf), "%s/.es.conf", p);
   fp = fopen(buf, "r");
   if (!fp) fp = fopen("/etc/es.conf", "r");
   if (!fp) return 1;
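Review bot: The new `snprintf` call still passes `p` to `%s` unchecked, and `getenv("HOME")` returns NULL when HOME is unset, which is undefined behaviour for `%s`. The return value is also ignored, so an over-long HOME produces a silently truncated path that is handed to `fopen` and may name a different file than intended. I would guard both with `int n = p ? snprintf(buf, sizeof(buf), "%s/.es.conf", p) : -1;` followed by `fp = (n >= 0 && (size_t)n < sizeof(buf)) ? fopen(buf, "r") : NULL;`, so the existing `/etc/es.conf` fallback takes over. The declaration of `buf` is outside the hunk, so it should be confirmed that `buf` is an array in this scope; `sizeof(buf)` would be the wrong bound for a pointer.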
@@ -438,7 +438,7 @@
   char logname[200];
 
   if ((flags & 0xffff) > DEBUG) return;
-  sprintf(logname, "%s/es.log", getenv("HOME"));
+  sprintf(logname, sizeof(logname), "%s/es.log", getenv("HOME"));
   va_start(arg, text);
   vsnprintf(buf, 200, text, arg);
   va_end(arg);
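Review bot: The replacement line still calls `sprintf`, not `snprintf`, so `sizeof(logname)` lands in the format-string parameter and the write into `logname[200]` stays unbounded. That integer-to-pointer conversion is a constraint violation that compilers diagnose, and if it does build, the call has undefined behaviour. The line should read `snprintf(logname, sizeof(logname), "%s/es.log", getenv("HOME"));`. As in the first hunk, `getenv("HOME")` can return NULL and is passed straight to `%s`, so a NULL check is worth adding here too. The enclosing function starts and ends outside the hunk, so the size of `buf` behind the hard-coded `200` in `vsnprintf` cannot be confirmed from here.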