util/kconfig: Use snprintf to avoid buffer overflow

'name' and 'env' are supposed to be file system paths,
but could overflow the buffer if configured incorrectly.
Let's avoid that entirely.

Found-by: Coverity Scan #1362515
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Change-Id: I1aef36819d49ebcbde1c51995dc0961c85e74150
Reviewed-on: https://review.coreboot.org/c/coreboot/+/32686
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
This commit is contained in:
Jacob Garber 2019-05-08 09:32:00 -06:00 committed by Patrick Georgi
parent cb6f6a10b3
commit 554e55b0f0
2 changed files with 4 additions and 2 deletions

View File

@ -273,7 +273,8 @@ FILE *zconf_fopen(const char *name)
if (!f && name != NULL && name[0] != '/') {
env = getenv(SRCTREE);
if (env) {
sprintf(fullname, "%s/%s", env, name);
snprintf(fullname, sizeof(fullname),
"%s/%s", env, name);
f = fopen(fullname, "r");
}
}

View File

@ -2351,7 +2351,8 @@ FILE *zconf_fopen(const char *name)
if (!f && name != NULL && name[0] != '/') {
env = getenv(SRCTREE);
if (env) {
sprintf(fullname, "%s/%s", env, name);
snprintf(fullname, sizeof(fullname),
"%s/%s", env, name);
f = fopen(fullname, "r");
}
}