util/kconfig: Use snprintf to avoid buffer overflow
'name' and 'env' are supposed to be file system paths, but could overflow the buffer if configured incorrectly. Let's avoid that entirely. Found-by: Coverity Scan #1362515 Signed-off-by: Jacob Garber <jgarber1@ualberta.ca> Change-Id: I1aef36819d49ebcbde1c51995dc0961c85e74150 Reviewed-on: https://review.coreboot.org/c/coreboot/+/32686 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>
parent
cb6f6a10b3
commit
554e55b0f0
|
@ -273,7 +273,8 @@ FILE *zconf_fopen(const char *name)
|
|||
if (!f && name != NULL && name[0] != '/') {
|
||||
env = getenv(SRCTREE);
|
||||
if (env) {
|
||||
sprintf(fullname, "%s/%s", env, name);
|
||||
snprintf(fullname, sizeof(fullname),
|
||||
"%s/%s", env, name);
|
||||
f = fopen(fullname, "r");
|
||||
}
|
||||
}
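Review bot: The result of the new `snprintf` call is discarded, so an over-long `env`/`name` pair is silently truncated and the following `fopen(fullname, "r")` is tried on a shortened path, which could fail confusingly or open a different file than the one configured. Keeping the length and opening only on a complete write would close that gap: `int n = snprintf(fullname, sizeof(fullname), "%s/%s", env, name);` followed by `if (n >= 0 && (size_t)n < sizeof(fullname)) f = fopen(fullname, "r");`. The bound `sizeof(fullname)` is only correct if `fullname` is an array rather than a pointer; its declaration and the rest of `zconf_fopen` lie outside the hunk, so that should be confirmed. The identical change in the second hunk (at -2351) has the same gap; if that file is generated from the first, regenerating it after the fix would be enough.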
|
||||
|
|
|
@ -2351,7 +2351,8 @@ FILE *zconf_fopen(const char *name)
|
|||
if (!f && name != NULL && name[0] != '/') {
|
||||
env = getenv(SRCTREE);
|
||||
if (env) {
|
||||
sprintf(fullname, "%s/%s", env, name);
|
||||
snprintf(fullname, sizeof(fullname),
|
||||
"%s/%s", env, name);
|
||||
f = fopen(fullname, "r");
|
||||
}
|
||||
}
|
||||
|
|