From: Xin LI Date: Sat, 28 Mar 2009 05:57:27 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r190485 - in head/lib/libc/db: btree hash X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Mar 2009 05:57:28 -0000 Author: delphij Date: Sat Mar 28 05:57:27 2009 New Revision: 190485 URL: http://svn.freebsd.org/changeset/base/190485 Log: db/btree/bt_open.c: check return value of snprintf() and return value if the result is truncated. db/hash/hash_page.c: use the same way to create temporary file as bt_open.c; check snprintf() return value. Obtained from: OpenBSD Modified: head/lib/libc/db/btree/bt_open.c head/lib/libc/db/hash/hash_page.c Modified: head/lib/libc/db/btree/bt_open.c ============================================================================== --- head/lib/libc/db/btree/bt_open.c Sat Mar 28 05:45:29 2009 (r190484) +++ head/lib/libc/db/btree/bt_open.c Sat Mar 28 05:57:27 2009 (r190485) @@ -383,14 +383,18 @@ static int tmp(void) { sigset_t set, oset; - int fd; + int fd, len; char *envtmp = NULL; char path[MAXPATHLEN]; if (issetugid() == 0) envtmp = getenv("TMPDIR"); - (void)snprintf(path, + len = snprintf(path, sizeof(path), "%s/bt.XXXXXXXXXX", envtmp ? envtmp : "/tmp"); + if (len < 0 || len >= (int)sizeof(path)) { + errno = ENAMETOOLONG; + return(-1); + } (void)sigfillset(&set); (void)_sigprocmask(SIG_BLOCK, &set, &oset); Modified: head/lib/libc/db/hash/hash_page.c ============================================================================== --- head/lib/libc/db/hash/hash_page.c Sat Mar 28 05:45:29 2009 (r190484) +++ head/lib/libc/db/hash/hash_page.c Sat Mar 28 05:57:27 2009 (r190485) 
@@ -53,7 +53,7 @@ __FBSDID("$FreeBSD$"); */ #include "namespace.h" -#include +#include #include #include @@ -833,13 +833,24 @@ static int open_temp(HTAB *hashp) { sigset_t set, oset; - static char namestr[] = "_hashXXXXXX"; + int len; + char *envtmp = NULL; + char path[MAXPATHLEN]; + + if (issetugid() == 0) + envtmp = getenv("TMPDIR"); + len = snprintf(path, + sizeof(path), "%s/_hash.XXXXXX", envtmp ? envtmp : "/tmp"); + if (len < 0 || len >= sizeof(path)) { + errno = ENAMETOOLONG; + return (-1); + } /* Block signals; make sure file goes away at process exit. */ (void)sigfillset(&set); (void)_sigprocmask(SIG_BLOCK, &set, &oset); - if ((hashp->fp = mkstemp(namestr)) != -1) { - (void)unlink(namestr); + if ((hashp->fp = mkstemp(path)) != -1) { + (void)unlink(path); (void)_fcntl(hashp->fp, F_SETFD, 1); } (void)_sigprocmask(SIG_SETMASK, &oset, (sigset_t *)NULL);
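Review bot: in tmp() in bt_open.c, the new error path is written `return(-1);` while the matching path added to open_temp() in hash_page.c uses `return (-1);`; use the spaced form in both so the two copies of this code stay identical. The truncation test itself (`len < 0 || len >= (int)sizeof(path)`) is the right check for snprintf(), and because it returns before sigfillset() and _sigprocmask() are called, no signal mask has to be restored on this path. Since the hunk introduces an assignment to errno, confirm that bt_open.c already includes errno.h, which is not visible in the context lines.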
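Review bot: in open_temp() in hash_page.c, `len >= sizeof(path)` compares an int against a size_t, whereas the same check in bt_open.c casts with `(int)sizeof(path)`. The preceding `len < 0` test keeps the result correct, but the two files should use the same form, and the cast avoids a signed/unsigned comparison warning. The template here is `%s/_hash.XXXXXX` with six X characters against ten in `%s/bt.XXXXXXXXXX`; if the intent is to create the file the same way as bt_open.c, consider using the same count. The log message could also state that the hash temporary file moves from a name relative to the current directory (`_hashXXXXXX`) to $TMPDIR or /tmp, and that the static template buffer, which mkstemp() rewrote in place, is gone.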