From: millert Date: Thu, 17 Oct 2024 15:38:38 +0000 (+0000) Subject: create_tempfile: pass pointer to full pathname to strlcat() X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=bdfaa295cdd5cc454d9e6fddd6b4e066025c806c;p=openbsd create_tempfile: pass pointer to full pathname to strlcat() Fixes a potential buffer overrun. Also check strlcpy() and strlcat() return value to detect truncations. Based on a diff from naddy@. OK naddy@ tb@ deraadt@
---
diff --git a/usr.bin/xinstall/xinstall.c b/usr.bin/xinstall/xinstall.c
index 6183347f22c..dccb178e599 100644
--- a/usr.bin/xinstall/xinstall.c
+++ b/usr.bin/xinstall/xinstall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: xinstall.c,v 1.77 2022/12/04 23:50:50 cheloha Exp $ */
+/* $OpenBSD: xinstall.c,v 1.78 2024/10/17 15:38:38 millert Exp $ */
 /* $NetBSD: xinstall.c,v 1.9 1995/12/20 10:25:17 jonathan Exp $ */
 
 /*
@@ -621,13 +621,19 @@ create_tempfile(char *path, char *temp, size_t tsize)
 {
 char *p;
 
- strlcpy(temp, path, tsize);
+ if (strlcpy(temp, path, tsize) >= tsize) {
+ errno = ENAMETOOLONG;
+ return(-1);
+ }
 if ((p = strrchr(temp, '/')) != NULL)
 p++;
 else
 p = temp;
 *p = '\0';
- strlcat(p, "INS@XXXXXXXXXX", tsize);
+ if (strlcat(temp, "INS@XXXXXXXXXX", tsize) >= tsize) {
+ errno = ENAMETOOLONG;
+ return(-1);
+ }
 
 return(mkstemp(temp));
 }
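Review bot: The corrected `strlcat(temp, "INS@XXXXXXXXXX", tsize)` call in create_tempfile() carries no comment saying why the destination must be `temp` rather than `p`, which is exactly the mistake this commit removes. strlcat() treats its size argument as the full size of the buffer starting at its first argument, so pairing `tsize` with a pointer into the middle of `temp` overstates the remaining space by `p - temp` bytes; a one-line comment above the call, such as `/* dst must be temp: tsize is the size of the whole buffer, not of the tail at p */`, would stop a later cleanup from reintroducing the overrun. The function would also benefit from a short header comment stating its contract: it returns the mkstemp() descriptor, or -1 with errno set to ENAMETOOLONG when the path or the template does not fit, in which case `temp` holds a partial name that callers (not visible in this hunk) should not treat as a created file.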