From: Ivana Hutarova Varekova Date: Thu, 2 Jun 2011 12:29:45 +0000 (+0200) Subject: cg_build_path: use max FILENAME_MAX characters for array in 2nd parameter X-Git-Tag: v0.38~82 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0baac9f2229bba3e2adbe91fd85a71e3ddf68264;p=thirdparty%2Flibcgroup.git cg_build_path: use max FILENAME_MAX characters for array in 2nd parameter The function cg_build_path is internal now. All calls of it (there is one exception - cgroup_fill_cgc function which uses FILENAME_MAX+1, fixed now too) have the limited second parameter buffer to FILENAME_MAX. cg_build_path copy to this buffer, but thhere was no limitation of the size of coppied buffer. This is fixed in the patch. Signed-off-by: Ivana Hutarova Varekova Signed-off-by: Jan Safranek --- diff --git a/src/api.c b/src/api.c index 58f872a8..91fbf5cb 100644 --- a/src/api.c +++ b/src/api.c @@ -1006,22 +1006,22 @@ static inline pid_t cg_gettid(void) /* Call with cg_mount_table_lock taken */ +/* path value have to have size at least FILENAME_MAX */ static char *cg_build_path_locked(const char *name, char *path, const char *type) { int i; for (i = 0; cg_mount_table[i].name[0] != '\0'; i++) { - /* - * XX: Change to snprintf once you figure what n should be - */ if (strcmp(cg_mount_table[i].name, type) == 0) { if (cg_namespace_table[i]) { - sprintf(path, "%s/%s/", + snprintf(path, FILENAME_MAX, "%s/%s/", cg_mount_table[i].mount.path, cg_namespace_table[i]); + path[FILENAME_MAX-1] = '\0'; } else { - sprintf(path, "%s/", + snprintf(path, FILENAME_MAX, "%s/", cg_mount_table[i].mount.path); + path[FILENAME_MAX-1] = '\0'; } if (name) { @@ -1030,7 +1030,9 @@ static char *cg_build_path_locked(const char *name, char *path, /* FIXME: missing OOM check here! */ - sprintf(path, "%s%s/", tmp, name); + snprintf(path, FILENAME_MAX, "%s%s/", + tmp, name); + path[FILENAME_MAX-1] = '\0'; free(tmp); } return path;