From 991d4151a7c1c8a4001b2e3334dcf1a8a8530d29 Mon Sep 17 00:00:00 2001
From: cem
Date: Thu, 13 Apr 2017 17:11:49 +0000
Subject: [PATCH] loader: Avoid possible overflow via environment variable

Reported by: Coverity (CWE-120)
CID: 1006704
Sponsored by: Dell EMC Isilon
---
 sys/boot/common/commands.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/boot/common/commands.c b/sys/boot/common/commands.c
index 2b0e8cbe0aca..def7ff284649 100644
--- a/sys/boot/common/commands.c
+++ b/sys/boot/common/commands.c
@@ -132,7 +132,7 @@ command_help(int argc, char *argv[])
 char *topic, *subtopic, *t, *s, *d;
 /* page the help text from our load path */
- sprintf(buf, "%s/boot/loader.help", getenv("loaddev"));
+ snprintf(buf, sizeof(buf), "%s/boot/loader.help", getenv("loaddev"));
 if ((hfd = open(buf, O_RDONLY)) < 0) {
 printf("Verbose help not available, use '?' to list commands\n");
 return(CMD_OK);
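Review bot: The return value of the new `snprintf()` call is dropped, so a `loaddev` value that does not fit in `buf` now produces a silently truncated path that is still passed to `open()` on the next line. Truncation should take the same failure branch as a failed open, e.g. `if (snprintf(buf, sizeof(buf), "%s/boot/loader.help", getenv("loaddev")) >= (int)sizeof(buf) || (hfd = open(buf, O_RDONLY)) < 0) {`. `getenv("loaddev")` is also handed to `%s` unchecked; if the variable can be unset when this command runs, a NULL guard belongs before the format call. The declaration of `buf` and the rest of command_help lie outside the hunk, so `sizeof(buf)` is assumed to see an array rather than a pointer.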