From: James Jones Date: Wed, 21 Sep 2022 13:53:04 +0000 (-0500) Subject: Check def file name against def_file size (CID #1504299) (#4731) X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=569c5f2a793150bce1956fbf401da79998974662;p=thirdparty%2Ffreeradius-server.git Check def file name against def_file size (CID #1504299) (#4731) The check needed to be there... if coverity doesn't realize that we are now checking, it will still need annotation. --- diff --git a/scripts/jlibtool.c b/scripts/jlibtool.c index 5a706ae5d72..0303044dafe 100644 --- a/scripts/jlibtool.c +++ b/scripts/jlibtool.c @@ -2253,6 +2253,10 @@ static void generate_def_file(command_t *cmd) if (cmd->output_name) { + if (strlen(cmd->output_name) + 4 > sizeof(def_file)) { + ERROR("Def file name too long, out of buffer space\n"); + return; + } strcpy(def_file, cmd->output_name); strcat(def_file, ".def"); hDef = fopen(def_file, "w");
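Review bot: The new length check in generate_def_file() is off by one. `strlen(cmd->output_name) + 4 > sizeof(def_file)` counts the four characters of ".def" but not the terminating NUL, so a name where strlen + 4 equals sizeof(def_file) passes the check and the following strcat() writes one byte past the end of the buffer. Comparing against `strlen(cmd->output_name) + sizeof(".def")` (that is, + 5) closes the gap. Alternatively, replace the strcpy()/strcat() pair with a single snprintf() into def_file and treat a return value >= sizeof(def_file) as the error case, which also makes the bound obvious to Coverity without an annotation. This assumes def_file is a char array. Its declaration is outside the visible context, and if it is a pointer, sizeof(def_file) is the pointer size and the check does not reflect the buffer length at all. Since the function returns void, the early return is only visible to the caller through the ERROR() message, so it is worth confirming that callers do not go on to use a .def file that was never written.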