This is the mail archive of the
cygwin-cvs@cygwin.com
mailing list for the Cygwin project.
[newlib-cygwin] getfacl: Don't trust length of incoming user/groupname
- From: Corinna Vinschen <corinna at sourceware dot org>
- To: cygwin-cvs at sourceware dot org
- Date: 23 Oct 2016 15:05:39 -0000
- Subject: [newlib-cygwin] getfacl: Don't trust length of incoming user/groupname
https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=7d5af6f0ba06d8f1c49912e42a863c09ed6710af
commit 7d5af6f0ba06d8f1c49912e42a863c09ed6710af
Author: Corinna Vinschen <corinna@vinschen.de>
Date: Sun Oct 23 16:52:28 2016 +0200
getfacl: Don't trust length of incoming user/groupname
Fixes Coverity CIDs 60079 and 60080
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Diff:
---
winsup/utils/getfacl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/winsup/utils/getfacl.c b/winsup/utils/getfacl.c
index 6fb04e6..57c58fb 100644
--- a/winsup/utils/getfacl.c
+++ b/winsup/utils/getfacl.c
@@ -40,7 +40,7 @@ username (uid_t uid)
struct passwd *pw;
if ((pw = getpwuid (uid)))
- strcpy (ubuf, pw->pw_name);
+ snprintf (ubuf, sizeof ubuf, "%s", pw->pw_name);
else
sprintf (ubuf, "%lu <unknown>", (unsigned long)uid);
return ubuf;
@@ -53,7 +53,7 @@ groupname (gid_t gid)
struct group *gr;
if ((gr = getgrgid (gid)))
- strcpy (gbuf, gr->gr_name);
+ snprintf (gbuf, sizeof gbuf, "%s", gr->gr_name);
else
sprintf (gbuf, "%lu <unknown>", (unsigned long)gid);
return gbuf;