diff options
| author | Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com> | 2016-11-16 15:42:53 -0800 |
|---|---|---|
| committer | Anas Nashif <nashif@linux.intel.com> | 2016-11-18 23:04:32 +0000 |
| commit | ababbf781563ff1a866ee3847f9f55098eda9023 (patch) | |
| tree | 776287b2cd99e2c13d6b51f0950f018724b13fc1 /scripts | |
| parent | c9aabcf2824ac55a57e6adb8584bf6951e86f1ac (diff) | |
scrips/kconfig: use snprintf() vs sprintf()
Coverity reported 150819 issue, which steams off Flex generated code
from zconf.l in which sprintf() was use. Because of that, the
conf_read_simple() @name parameter could be used to overrun
zconf_open() @fullname by crafting SRCTREE and KCONFIG_ALLCONFIG
environment variables.
Change-Id: I2cff817dccafe0e06b35636bbb7be95e062410af
Coverity-ID: 150819
Signed-off-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/kconfig/zconf.l | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/scripts/kconfig/zconf.l b/scripts/kconfig/zconf.l index d1ec0b98f..084607dcc 100644 --- a/scripts/kconfig/zconf.l +++ b/scripts/kconfig/zconf.l @@ -277,7 +277,8 @@ FILE *zconf_fopen(const char *name) if (!f && name != NULL && name[0] != '/') { env = getenv(SRCTREE); if (env) { - sprintf(fullname, "%s/%s", env, name); + snprintf(fullname, sizeof(fullname), + "%s/%s", env, name); f = fopen(fullname, "r"); } } |