Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 9 Aug 2015 18:53:38 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] fix failure of tempnam to null-terminate result

On Sat, Aug 08, 2015 at 07:25:13PM +0200, Felix Janda wrote:
> tempnam uses an uninitialized buffer which is filled using memcpy and
> __randname. It is therefore necessary to explicitly null-terminate it.
> ---
>  src/stdio/tempnam.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/src/stdio/tempnam.c b/src/stdio/tempnam.c
> index 45a5f26..b938b31 100644
> --- a/src/stdio/tempnam.c
> +++ b/src/stdio/tempnam.c
> @@ -33,6 +33,7 @@ char *tempnam(const char *dir, const char *pfx)
>  	s[dl] = '/';
>  	memcpy(s+dl+1, pfx, pl);
>  	s[dl+1+pl] = '_';
> +	s[l] = '\0';
>  
>  	for (try=0; try<MAXTRIES; try++) {
>  		__randname(s+l-6);

Thanks! Committed with one small change.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.