From ababbf781563ff1a866ee3847f9f55098eda9023 Mon Sep 17 00:00:00 2001
From: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
Date: Wed, 16 Nov 2016 15:42:53 -0800
Subject: scrips/kconfig: use snprintf() vs sprintf()

Coverity reported 150819 issue, which steams off Flex generated code
from zconf.l in which sprintf() was use. Because of that, the
conf_read_simple() @name parameter could be used to overrun
zconf_open() @fullname by crafting SRCTREE and KCONFIG_ALLCONFIG
environment variables.

Change-Id: I2cff817dccafe0e06b35636bbb7be95e062410af
Coverity-ID: 150819
Signed-off-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
---
 scripts/kconfig/zconf.l | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'scripts')

diff --git a/scripts/kconfig/zconf.l b/scripts/kconfig/zconf.l
index d1ec0b98f..084607dcc 100644
--- a/scripts/kconfig/zconf.l
+++ b/scripts/kconfig/zconf.l
@@ -277,7 +277,8 @@ FILE *zconf_fopen(const char *name)
 	if (!f && name != NULL && name[0] != '/') {
 		env = getenv(SRCTREE);
 		if (env) {
-			sprintf(fullname, "%s/%s", env, name);
+			snprintf(fullname, sizeof(fullname),
+                                 "%s/%s", env, name);
 			f = fopen(fullname, "r");
 		}
 	}
-- 
cgit v1.2.3