loader: Avoid possible overflow via environment variable

Reported by: Coverity (CWE-120) CID: 1006704 Sponsored by: Dell EMC Isilon
2017-04-13 17:11:49 +00:00 · 2017-04-13 17:11:49 +00:00 · c789e03fb5
commit c789e03fb5
parent 8428914909
1 changed files with 1 additions and 1 deletions
--- a/sys/boot/common/commands.c
+++ b/sys/boot/common/commands.c
@ -132,7 +132,7 @@ command_help(int argc, char *argv[])
    char	*topic, *subtopic, *t, *s, *d;

    /* page the help text from our load path */
-    sprintf(buf, "%s/boot/loader.help", getenv("loaddev"));
+    snprintf(buf, sizeof(buf), "%s/boot/loader.help", getenv("loaddev"));
    if ((hfd = open(buf, O_RDONLY)) < 0) {
 	printf("Verbose help not available, use '?' to list commands\n");
 	return(CMD_OK);