diff options
author | Paul Eggert <eggert@cs.ucla.edu> | 2022-12-18 19:27:02 -0800 |
---|---|---|
committer | Paul Eggert <eggert@cs.ucla.edu> | 2022-12-19 12:33:57 -0800 |
commit | 3ac95905f430b2549a69cd7c95c278dc626de12f (patch) | |
tree | 22c6469be1a5c62b80044b10c8e4364212e79259 | |
parent | 03488eeea9cef99e2fa6c29d43b4befcc3e6ce40 (diff) | |
download | sed-3ac95905f430b2549a69cd7c95c278dc626de12f.tar.gz |
sed: fix unlikely mkostemp-related overflow
* bootstrap.conf (gnulib_modules): Add mempcpy.
* sed/utils.c (ck_mkstemp): Use mempcpy instead of sprintf,
which doesn’t work with strings longer than INT_MAX.
-rw-r--r-- | bootstrap.conf | 1 | ||||
-rw-r--r-- | sed/utils.c | 9 |
2 files changed, 8 insertions, 2 deletions
diff --git a/bootstrap.conf b/bootstrap.conf index 9753f53..d491028 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -44,6 +44,7 @@ mbrlen mbrtowc mbsinit memchr +mempcpy memrchr minmax mkostemp diff --git a/sed/utils.c b/sed/utils.c index 03243c2..19d6554 100644 --- a/sed/utils.c +++ b/sed/utils.c @@ -185,8 +185,13 @@ FILE * ck_mkstemp (char **p_filename, const char *tmpdir, const char *base, const char *mode) { - char *template = xmalloc (strlen (tmpdir) + strlen (base) + 8); - sprintf (template, "%s/%sXXXXXX", tmpdir, base); + idx_t tmpdirlen = strlen (tmpdir), baselen = strlen (base); + char *template = xmalloc (tmpdirlen + baselen + 8); + char *basecopy = mempcpy (template, tmpdir, tmpdirlen); + *basecopy++ = '/'; + char *suffix = mempcpy (basecopy, base, baselen); + memset (suffix, 'X', 6); + suffix[6] = '\0'; /* The ownership might change, so omit some permissions at first so unauthorized users cannot nip in before the file is ready. |