author | ns158690 <none@none> | 2006-02-08 22:45:47 -0800 |
---|---|---|
committer | ns158690 <none@none> | 2006-02-08 22:45:47 -0800 |
commit | 4f5c01f9a280183d32b11a58cc2701be45f1a8aa (patch) | |
tree | ee8c706827041e94d2f5699a0e0065c2320d7add /usr/src/lib/libadm/common | |
parent | d397866e5fd1d90883a2f29a1673ce3805def39e (diff) | |
4804793 buffer overflow in libadm.so.1`pkginfofind
Diffstat (limited to 'usr/src/lib/libadm/common')
-rw-r--r-- | usr/src/lib/libadm/common/pkgparam.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/usr/src/lib/libadm/common/pkgparam.c b/usr/src/lib/libadm/common/pkgparam.c index 816e6a1622..47393fbbb3 100644 --- a/usr/src/lib/libadm/common/pkgparam.c +++ b/usr/src/lib/libadm/common/pkgparam.c @@ -23,8 +23,8 @@ /* All Rights Reserved */ /* - * Copyright (c) 1995-1998 by Sun Microsystems, Inc. - * All rights reserved. + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" /* SVr4.0 1.1 */ @@ -77,14 +77,22 @@ static char Adm_pkgadm[PATH_MAX] = { 0 }; /* added for newroot */ int pkginfofind(char *path, char *pkg_dir, char *pkginst) { + int len = 0; + /* Construct the temporary pkginfo file name. */ - (void) sprintf(path, "%s/.save.%s/pkginfo", pkg_dir, pkginst); + len = snprintf(path, PATH_MAX, "%s/.save.%s/pkginfo", pkg_dir, + pkginst); + if (len > PATH_MAX) + return (0); if (access(path, 0)) { /* * This isn't a temporary directory, so we look for a * regular one. */ - (void) sprintf(path, "%s/%s/pkginfo", pkg_dir, pkginst); + len = snprintf(path, PATH_MAX, "%s/%s/pkginfo", pkg_dir, + pkginst); + if (len > PATH_MAX) + return (0); if (access(path, 0)) return (0); /* doesn't appear to be a package */ } @@ -128,7 +136,7 @@ fpkgparam(FILE *fp, char *param) /* Get the next token. */ while ((c = getc(fp)) != EOF) { - ch = (char) c; + ch = (char)c; if (strchr(sepset, ch)) break; if (++n < VALSIZ) @@ -168,7 +176,7 @@ fpkgparam(FILE *fp, char *param) /* Now read the parameter value. */ while ((c = getc(fp)) != EOF) { - ch = (char) c; + ch = (char)c; if (begline && ((ch == ' ') || (ch == '\t'))) continue; /* ignore leading white space */ |
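Review bot: Both new truncation checks in pkginfofind test `len > PATH_MAX`, which misses `len == PATH_MAX`: snprintf returns the length the full string would have had, not counting the terminating NUL, so a return equal to the buffer size means the last character was dropped. The write stays in bounds, but the truncated name is then passed to access() and could match a path other than the intended pkginfo file. I would write both checks as `if (len < 0 || len >= PATH_MAX)` followed by `return (0);`, which also covers an snprintf error return. The function still relies on every caller passing a `path` buffer of at least PATH_MAX bytes, which the signature cannot enforce, so a block comment above pkginfofind stating that requirement would help; the function body continues past the end of this hunk.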