isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Check snprintf() return values even if we preallocated the correct amount.

Browse Source 
There are no remaining unchecked snprintf() that can actually overflow.
This commit is contained in:
Todd C. Miller
2021-09-21 19:13:35 -06:00
parent 23d04dde24
commit dc90df8de5
4 changed files with 22 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
plugins/sudoers/ldap.c
View File

@@ -1339,7 +1339,7 @@ sudo_krb5_copy_cc_file(const char *old_ccname)
{
int nfd, ofd = -1;
ssize_t nread, nwritten = -1;
static char new_ccname[sizeof(_PATH_TMP) + sizeof("sudocc_XXXXXXXX") - 1];
static char new_ccname[] = _PATH_TMP "sudocc_XXXXXXXX";
char buf[10240], *ret = NULL;
debug_decl(sudo_krb5_copy_cc_file, SUDOERS_DEBUG_LDAP);
@@ -1355,8 +1355,6 @@ sudo_krb5_copy_cc_file(const char *old_ccname)
if (ofd != -1) {
(void) fcntl(ofd, F_SETFL, 0);
if (sudo_lock_file(ofd, SUDO_LOCK)) {
(void)snprintf(new_ccname, sizeof(new_ccname), "%s%s",
_PATH_TMP, "sudocc_XXXXXXXX");
nfd = mkstemp(new_ccname);
if (nfd != -1) {
sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,