util/kconfig: Use snprintf to avoid buffer overflow

'name' and 'env' are supposed to be file system paths, but could overflow the buffer if configured incorrectly. Let's avoid that entirely. Found-by: Coverity Scan #1362515 Signed-off-by: Jacob Garber <jgarber1@ualberta.ca> Change-Id: I1aef36819d49ebcbde1c51995dc0961c85e74150 Reviewed-on: https://review.coreboot.org/c/coreboot/+/32686 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>
2019-05-08 09:32:00 -06:00 · 2019-05-08 09:32:00 -06:00 · 554e55b0f0
parent cb6f6a10b3
commit 554e55b0f0
2 changed files with 4 additions and 2 deletions
--- a/util/kconfig/zconf.l
+++ b/util/kconfig/zconf.l
@ -273,7 +273,8 @@ FILE *zconf_fopen(const char *name)
 	if (!f && name != NULL && name[0] != '/') {
 		env = getenv(SRCTREE);
 		if (env) {
-			sprintf(fullname, "%s/%s", env, name);
+			snprintf(fullname, sizeof(fullname),
+					"%s/%s", env, name);
 			f = fopen(fullname, "r");
 		}
 	}
--- a/util/kconfig/zconf.lex.c_shipped
+++ b/util/kconfig/zconf.lex.c_shipped
@ -2351,7 +2351,8 @@ FILE *zconf_fopen(const char *name)
 	if (!f && name != NULL && name[0] != '/') {
 		env = getenv(SRCTREE);
 		if (env) {
-			sprintf(fullname, "%s/%s", env, name);
+			snprintf(fullname, sizeof(fullname),
+					"%s/%s", env, name);
 			f = fopen(fullname, "r");
 		}
 	}