From 554e55b0f07e7913afad6b374e30661df9db617a Mon Sep 17 00:00:00 2001 From: Jacob Garber Date: Wed, 8 May 2019 09:32:00 -0600 Subject: [PATCH] util/kconfig: Use snprintf to avoid buffer overflow 'name' and 'env' are supposed to be file system paths, but could overflow the buffer if configured incorrectly. Let's avoid that entirely. Found-by: Coverity Scan #1362515 Signed-off-by: Jacob Garber Change-Id: I1aef36819d49ebcbde1c51995dc0961c85e74150 Reviewed-on: https://review.coreboot.org/c/coreboot/+/32686 Tested-by: build bot (Jenkins) Reviewed-by: Nico Huber --- util/kconfig/zconf.l | 3 ++- util/kconfig/zconf.lex.c_shipped | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/util/kconfig/zconf.l b/util/kconfig/zconf.l index 0b45c19db9..f2636d2955 100644 --- a/util/kconfig/zconf.l +++ b/util/kconfig/zconf.l @@ -273,7 +273,8 @@ FILE *zconf_fopen(const char *name) if (!f && name != NULL && name[0] != '/') { env = getenv(SRCTREE); if (env) { - sprintf(fullname, "%s/%s", env, name); + snprintf(fullname, sizeof(fullname), + "%s/%s", env, name); f = fopen(fullname, "r"); } } diff --git a/util/kconfig/zconf.lex.c_shipped b/util/kconfig/zconf.lex.c_shipped index 72e3a5fca2..4133f71dd2 100644 --- a/util/kconfig/zconf.lex.c_shipped +++ b/util/kconfig/zconf.lex.c_shipped @@ -2351,7 +2351,8 @@ FILE *zconf_fopen(const char *name) if (!f && name != NULL && name[0] != '/') { env = getenv(SRCTREE); if (env) { - sprintf(fullname, "%s/%s", env, name); + snprintf(fullname, sizeof(fullname), + "%s/%s", env, name); f = fopen(fullname, "r"); } }