Date: Wed, 10 May 2017 10:19:21 -0600 From: Warner Losh <imp@bsdimp.com> To: Alan Somers <asomers@freebsd.org> Cc: src-committers <src-committers@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "svn-src-head@freebsd.org" <svn-src-head@freebsd.org> Subject: Re: svn commit: r318143 - head/usr.sbin/pw Message-ID: <CANCZdfrsMu8jJhUsUCbNT8TRLAydvd74cW8pwfsE5g6mr_QnQA@mail.gmail.com> In-Reply-To: <201705101538.v4AFc6c8009588@repo.freebsd.org> References: <201705101538.v4AFc6c8009588@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Again, this is wrong. -DNDEBUG makes this a nop. Warner. On Wed, May 10, 2017 at 9:38 AM, Alan Somers <asomers@freebsd.org> wrote: > Author: asomers > Date: Wed May 10 15:38:06 2017 > New Revision: 318143 > URL: https://svnweb.freebsd.org/changeset/base/318143 > > Log: > strcpy => strlcpy > > Reported by: Coverity > CID: 1006715 > MFC after: 3 weeks > Sponsored by: Spectra Logic Corp > > Modified: > head/usr.sbin/pw/pw_user.c > > Modified: head/usr.sbin/pw/pw_user.c > ============================================================================== > --- head/usr.sbin/pw/pw_user.c Wed May 10 15:35:41 2017 (r318142) > +++ head/usr.sbin/pw/pw_user.c Wed May 10 15:38:06 2017 (r318143) > @@ -33,6 +33,7 @@ static const char rcsid[] = > #include <sys/param.h> > #include <sys/types.h> > > +#include <assert.h> > #include <ctype.h> > #include <dirent.h> > #include <err.h> > @@ -501,7 +502,8 @@ pw_pwcrypt(char *password) > cryptpw = crypt(password, salt); > if (cryptpw == NULL) > errx(EX_CONFIG, "crypt(3) failure"); > - return strcpy(buf, cryptpw); > + assert(strlcpy(buf, cryptpw, sizeof(buf)) < sizeof(buf)); > + return (buf); > } > > static char * >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANCZdfrsMu8jJhUsUCbNT8TRLAydvd74cW8pwfsE5g6mr_QnQA>