luke
/
ngspice
mirror of https://git.code.sf.net/p/ngspice/ngspice
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow tailing '\0' 

Remove potentially user induced buffer overflow by replacing
sprintf by snprintf.
This commit is contained in:
Holger Vogt 2021-04-10 18:16:22 +02:00
parent 053e8c5a04
commit 2536b78acb
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/frontend/inp.c
View File

@ -475,7 +475,7 @@ inp_spsource(FILE *fp, bool comfile, char *filename, bool intfile)
{ {
struct card *deck = NULL, *dd, *ld, *prev_param = NULL, *prev_card = NULL; struct card *deck = NULL, *dd, *ld, *prev_param = NULL, *prev_card = NULL;
struct card *realdeck = NULL, *options = NULL, *curr_meas = NULL; struct card *realdeck = NULL, *options = NULL, *curr_meas = NULL;
char *tt = NULL, name[BSIZE_SP], *s, *t, *temperature = NULL; char *tt = NULL, name[BSIZE_SP + 1], *s, *t, *temperature = NULL;
double testemp = 0.0; double testemp = 0.0;
bool commands = FALSE; bool commands = FALSE;
wordlist *wl = NULL, *end = NULL, *wl_first = NULL; wordlist *wl = NULL, *end = NULL, *wl_first = NULL;
@ -1621,7 +1621,9 @@ doedit(char *filename)
editor = "/usr/bin/vi"; editor = "/usr/bin/vi";
} }
} }
sprintf(buf, "%s %s", editor, filename); int len = snprintf(buf, BSIZE_SP - 1, "%s %s", editor, filename);
if (len > BSIZE_SP - 1)
fprintf(stderr, "Error: the filename is probably tuncated\n");
return (system(buf) ? FALSE : TRUE); return (system(buf) ? FALSE : TRUE);
} }