From: Theodore Ts'o
Date: Thu, 30 Jan 2014 22:45:36 +0000 (-0500)
Subject: libss: fix potential buffer overrun in list_rqs
X-Git-Tag: v1.42.10~80
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9b36ce0e195c5ba7bb03dd8baceacc5dfa7a4c20;p=thirdparty%2Fe2fsprogs.git

libss: fix potential buffer overrun in list_rqs

Addresses-Coverity-Bug: #709516
Signed-off-by: "Theodore Ts'o"
---
diff --git a/lib/ss/list_rqs.c b/lib/ss/list_rqs.c
index 6baed419f..021a38358 100644
--- a/lib/ss/list_rqs.c
+++ b/lib/ss/list_rqs.c
@@ -18,20 +18,15 @@ typedef void sigret_t;
-static char const twentyfive_spaces[26] =
- " ";
-static char const NL[2] = "\n";
-
 void ss_list_requests(int argc __SS_ATTR((unused)),
 const char * const *argv __SS_ATTR((unused)),
 int sci_idx, void *infop __SS_ATTR((unused)))
 {
 ss_request_entry *entry;
 char const * const *name;
- int spacing;
+ int i, spacing;
 ss_request_table **table;
- char buffer[BUFSIZ];
 FILE *output;
 int fd;
 sigset_t omask, igmask;
@@ -60,27 +55,24 @@ void ss_list_requests(int argc __SS_ATTR((unused)),
 entry = (*table)->requests;
 for (; entry->command_names; entry++) {
 spacing = -2;
- buffer[0] = '\0';
 if (entry->flags & SS_OPT_DONT_LIST)
 continue;
 for (name = entry->command_names; *name; name++) {
 int len = strlen(*name);
- strncat(buffer, *name, len);
+ fputs(*name, output);
 spacing += len + 2;
 if (name[1]) {
- strcat(buffer, ", ");
+ fputs(", ", output);
 }
 }
 if (spacing > 23) {
- strcat(buffer, NL);
- fputs(buffer, output);
+ fputc('\n', output);
 spacing = 0;
- buffer[0] = '\0';
 }
- strncat(buffer, twentyfive_spaces, 25-spacing);
- strcat(buffer, entry->info_string);
- strcat(buffer, NL);
- fputs(buffer, output);
+ for (i = 0; i < 25 - spacing; i++)
+ fputc(' ', output);
+ fputs(entry->info_string, output);
+ fputc('\n', output);
 }
 }
 fclose(output);
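Review bot: `fputs(entry->info_string, output)` at the end of the entry loop in the second hunk still passes `info_string` to stdio without a NULL check, so a request-table entry with no help text would be undefined behaviour just as it was with the old `strcat`. Whether such entries can occur is not visible here; if they can, `fputs(entry->info_string ? entry->info_string : "", output);` closes it. A short comment above the name loop would keep the Coverity finding from being reintroduced, e.g. `/* Stream each piece to output: names and info strings have no length bound, so never collect them in a fixed buffer. */`. The padding loop could also be the single call `fprintf(output, "%*s", 25 - spacing, "");`, which is equivalent because `spacing` is at most 23 at that point. ss_list_requests starts in the first hunk and continues past the end of this one.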