kconfig: use snprintf for formatting pathnames Valid pathnames will never exceed PATH_MAX, but these file names are unsanitized and can cause buffer overflow if set incorrectly. Use snprintf to avoid this. This was flagged during a Coverity scan of the coreboot project, which also uses kconfig for its build system. Signed-off-by: Jacob Garber <jgarber1@ualberta.ca> Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

commit: b9d1a8e9302e68ee03571a286aadeb8041e0b2ca [log] [tgz]
author: Jacob Garber <jgarber1@ualberta.ca> Fri May 10 13:28:52 2019 -0600
committer: Masahiro Yamada <yamada.masahiro@socionext.com> Tue May 14 23:23:25 2019 +0900
tree: 372b2d2bee6137d794110d7ff7e106b086dfbe99
parent: 4cb726121e2cce18d4db5e79347f3ade5fd661a2 [diff] [blame]
diff --git a/scripts/kconfig/lexer.l b/scripts/kconfig/lexer.l
index c9df1c8..6354c90 100644
--- a/scripts/kconfig/lexer.l
+++ b/scripts/kconfig/lexer.l

@@ -378,7 +378,8 @@
 	if (!f && name != NULL && name[0] != '/') {
 		env = getenv(SRCTREE);
 		if (env) {
-			sprintf(fullname, "%s/%s", env, name);
+			snprintf(fullname, sizeof(fullname),
+				 "%s/%s", env, name);
 			f = fopen(fullname, "r");
 		}
 	}
commit	b9d1a8e9302e68ee03571a286aadeb8041e0b2ca	[log] [tgz]
author	Jacob Garber <jgarber1@ualberta.ca>	Fri May 10 13:28:52 2019 -0600
committer	Masahiro Yamada <yamada.masahiro@socionext.com>	Tue May 14 23:23:25 2019 +0900
tree	372b2d2bee6137d794110d7ff7e106b086dfbe99
parent	4cb726121e2cce18d4db5e79347f3ade5fd661a2 [diff] [blame]