In read_zones(), check if the file name actually fit in the buffer

and make sure it would terminate with nul with strlcpy(). Reviewed by: imp (earlier revision) MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D16595
2018-08-09 02:47:22 +00:00 · 2018-08-09 02:47:22 +00:00 · 963aa85d2a
commit 963aa85d2a
parent 4e6c8e6d83
1 changed files with 7 additions and 3 deletions
--- a/usr.sbin/tzsetup/tzsetup.c
+++ b/usr.sbin/tzsetup/tzsetup.c
@ -481,7 +481,7 @@ read_zones(void)
 	char		contbuf[16];
 	FILE		*fp;
 	struct continent *cont;
-	size_t		len;
+	size_t		len, contlen;
 	char		*line, *tlc, *file, *descr, *p;
 	int		lineno;

@ -504,12 +504,16 @@ read_zones(void)
 			    path_zonetab, lineno, tlc);
 		/* coord = */ strsep(&line, "\t");	 /* Unused */
 		file = strsep(&line, "\t");
+		/* get continent portion from continent/country */
 		p = strchr(file, '/');
 		if (p == NULL)
 			errx(1, "%s:%d: invalid zone name `%s'", path_zonetab,
 			    lineno, file);
-		contbuf[0] = '\0';
-		strncat(contbuf, file, p - file);
+		contlen = p - file + 1;		/* trailing nul */
+		if (contlen > sizeof(contbuf))
+			errx(1, "%s:%d: continent name in zone name `%s' too long",
+			    path_zonetab, lineno, file);
+		strlcpy(contbuf, file, contlen);
 		cont = find_continent(contbuf);
 		if (!cont)
 			errx(1, "%s:%d: invalid region `%s'", path_zonetab,