Fixes a potential buffer overflow with the pid filename.

Submitted by: Mike Heffner <spock@techfour.net> Submitted on: audit@freebsd.org
2000-04-30 21:04:36 +00:00 · 2000-04-30 21:04:36 +00:00 · dee921f457
commit dee921f457
parent 30395bb5f1
1 changed files with 3 additions and 1 deletions
--- a/sbin/startslip/startslip.c
+++ b/sbin/startslip/startslip.c
@ -214,7 +214,9 @@ main(argc, argv)
 		dvname = devicename;
 	else
 		dvname++;
-	sprintf(pidfile, PIDFILE, _PATH_VARRUN, dvname);
+	if (snprintf(pidfile, sizeof(pidfile), PIDFILE, _PATH_VARRUN, dvname) >= sizeof(pidfile))
+		usage();
+
 	if ((pfd = fopen(pidfile, "r")) != NULL) {
 		if (fscanf(pfd, "%ld\n", &lpid) == 1) {
 			pid = lpid;